General
Target: 980d990c1813bc5113311c20ef21ca571b6ea8b5c3f970afe8e8159526cd36b2_JC.zip
Size: 45KB
Sample: 230825-r9n16aef6z
MD5: 0d8ab91cbaca239e67e861b37def25a4
SHA1: e194247eb2fd36170af948df8ead67716869a19a
SHA256: 980d990c1813bc5113311c20ef21ca571b6ea8b5c3f970afe8e8159526cd36b2
SHA512: f40b8cbdefc7ce8e151ac884acae7066eae50550a56fc8d95f63ce346c42b11bfdf74138d4dbbeb4dd657b3cca350f0d40ddf6321012eb89b9aca10c02ced67b
SSDEEP: 768:RbYgYtcrmCtASxh4mpq2Z/UXAIDgPGgCrYJOCabZX72DjiGoX:Rb/YtWmCqK1p/1UwIDeGgWyTabZX8BoX
Static task: static1
Behavioral task: behavioral1
  Sample: PRE-ALERT-HTHC22031529.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: PRE-ALERT-HTHC22031529.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail92100.maychuemail.com
Port: 587
Username: [email protected]
Password: Qwerty2020Hp##
Email To: [email protected]
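The extracted configuration is the most useful thing on this report for a defender: the SMTP host and port are the exfiltration channel. The following is an added example (not part of the tria.ge report or of the AgentTesla extractor) that parses the config block as the report prints it, derives network indicators from it, and correlates them over a few constructed DNS and firewall log lines. The log format, the client addresses and the 198.51.100.x / 203.0.113.x server addresses are assumptions for illustration; the two mailbox addresses are redacted on the page, so the example matches on host and port only.

```python
"""Added example, not part of the tria.ge report: parse the AgentTesla SMTP
configuration the sandbox extracted, derive network indicators from it and
run them over a few constructed log lines to flag exfiltration attempts."""
import re

# The extracted config, copied from the report. tria.ge prints it as
# "Key: value" pairs separated by " - "; the two mailbox addresses are
# redacted on the page, so they stay redacted here.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
mail92100.maychuemail.com - Port:
587 - Username:
[email protected] - Password:
Qwerty2020Hp## - Email To:
[email protected]"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEYS = "|".join(re.escape(k) for k in CONFIG_KEYS)
# A value runs from its "Key:" up to the next key (with or without the " - "
# separator, so one-field-per-line renderings parse too) or the end of text.
_FIELD_RE = re.compile(rf"({_KEYS}):\s*(.*?)\s*(?=-?\s*(?:{_KEYS}):|$)")


def parse_agenttesla_config(text: str) -> dict:
    """Return the extracted config as a dict keyed by field name."""
    flat = " ".join(text.split())          # undo the report's line wrapping
    cfg = dict(_FIELD_RE.findall(flat))
    cfg["Port"] = int(cfg["Port"])
    return cfg


# Constructed log lines (not from the sandbox run): "key=value" records from
# a DNS resolver and a perimeter firewall, in the order they were seen.
SAMPLE_LOGS = [
    "2023-08-25T15:12:01Z type=dns client=10.0.0.17 query=mail92100.maychuemail.com",
    "2023-08-25T15:12:02Z type=conn client=10.0.0.17 dst=198.51.100.23 dport=587 proto=tcp",
    "2023-08-25T15:13:40Z type=dns client=10.0.0.42 query=ctldl.windowsupdate.com",
    "2023-08-25T15:14:05Z type=conn client=10.0.0.42 dst=198.51.100.9 dport=443 proto=tcp",
    "2023-08-25T15:15:11Z type=conn client=10.0.0.42 dst=203.0.113.5 dport=587 proto=tcp",
]


def parse_record(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields


def find_exfil(lines, cfg) -> list:
    """Flag (line number, reason) for every DNS lookup of the configured mail
    host and for every connection to the configured port from a client that
    resolved that host earlier in the log. A bare port-587 connection with
    no preceding lookup (the last sample line) is left alone: on its own it
    is ordinary mail submission and far too noisy to alert on."""
    host = cfg["Host"].lower()
    port = str(cfg["Port"])
    resolved = set()                       # clients that looked up the host
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_record(line)
        if rec.get("type") == "dns" and rec.get("query", "").lower() == host:
            resolved.add(rec["client"])
            hits.append((n, f"DNS lookup of AgentTesla SMTP host {host}"))
        elif (rec.get("type") == "conn" and rec.get("dport") == port
              and rec.get("client") in resolved):
            hits.append((n, f"connection to port {port} after resolving {host}"))
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(EXTRACTED_CONFIG)
    print(f"exfil channel: {cfg['Protocol']}://{cfg['Host']}:{cfg['Port']}")
    for n, why in find_exfil(SAMPLE_LOGS, cfg):
        print(f"line {n}: {why}")
```

The DNS-then-connect correlation is what keeps this usable: port 587 is the normal mail submission port, so matching on the port alone would page on every legitimate mail client, while the resolver log ties a submission to the attacker's mail host even when the firewall only sees an IP.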
Targets
Target: PRE-ALERT-HTHC22031529.exe
Size: 98KB
MD5: 7dbeb9ccb04ea7f800cc115f3ea2a231
SHA1: 57e74904a72fa69c7c81a3c5aeb77865b32bfa11
SHA256: 311f3f352aab9853825dd455bcf8721f7d25d48c27fb1b4bd1ae9103e31bd7f4
SHA512: 55fb26f94f151ec825b4b29b7a62d938ecf709b75f4d559a0d6e37084f61a47735745f5a5932729f5d8faee5c929b2b8ff53c639a69ca496eec58e9fa5d3f8d9
SSDEEP: 3072:rCcNPrLtoBQtwTzZSxH7SlQjbJWutGRKGV7+52wuI+ghGt5KrfcT5:rCcNPrLto+twT1SxH7SlQjbJWutGRKGt
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; the extracted config shows this sample sending its collected data over SMTP.
Adds Run key to start application
Writes a value under a CurrentVersion\Run key so the executable is launched again at every logon.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
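The "Adds Run key to start application" signature tells you the persistence mechanism but not the value name or the path the sample used, so on a suspect host the check is to dump the Run keys and triage every entry. Below is an added example (not from the tria.ge report and not the sandbox's own logic) that parses the text `reg query` prints for a Run key and flags entries whose image lives in a user-writable directory or that borrow the name of a Windows system binary. The `reg query` output, the value names and the paths in it are constructed for illustration and are not the entries this sample writes; the environment-string expansions assume a default install.

```python
"""Added example, not part of the tria.ge report: triage Run-key entries
from `reg query` output. Flags executables launched from user-writable
directories and executables that masquerade as Windows system binaries."""
import re
import ntpath

# Environment strings as they expand on a default install (assumption).
ENV = {
    "%windir%": r"C:\Windows",
    "%systemroot%": r"C:\Windows",
    "%programdata%": r"C:\ProgramData",
    "%temp%": r"C:\Users\user\AppData\Local\Temp",
}
# Prefixes an unprivileged user can write to; a dropper's copy usually lands here.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Names that belong in C:\Windows; anywhere else they are a masquerade.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe",
                "winlogon.exe", "conhost.exe", "dllhost.exe", "rundll32.exe"}

# Constructed `reg query` output for a hypothetical host. The value names and
# paths are illustrative; they are not what this sample writes.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\user\AppData\Roaming\svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Loader    REG_SZ    "C:\Users\Public\Libraries\run.exe" -s
"""

_KEY_RE = re.compile(r"^(HKEY_[A-Z_]+\\.+)$")
_VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_(?:EXPAND_)?SZ)\s{2,}(.*?)\s*$")
# Either a quoted path, or an unquoted path up to its extension (arguments follow).
_IMAGE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|scr|bat|cmd|dll))(?=\s|$)', re.I)


def expand(path: str) -> str:
    """Expand the few environment strings Run keys commonly use."""
    for var, val in ENV.items():
        i = path.lower().find(var)
        if i != -1:
            path = path[:i] + val + path[i + len(var):]
    return path


def image_path(data: str) -> str:
    """Pull the launched executable out of the value data, dropping arguments."""
    m = _IMAGE_RE.match(data.strip())
    if not m:
        return data.strip()
    return m.group(1) or m.group(2)


def audit_run_keys(reg_output: str) -> list:
    """Parse `reg query` output and return one finding per suspicious value."""
    findings, key = [], None
    for line in reg_output.splitlines():
        km = _KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = _VALUE_RE.match(line)
        if not vm or key is None:
            continue
        name, _, data = vm.groups()
        image = expand(image_path(data))
        low = image.lower()
        reasons = []
        if low.startswith(USER_WRITABLE):
            reasons.append("launches from a user-writable directory")
        if ntpath.basename(low) in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
            reasons.append("masquerades as Windows system binary")
        if reasons:
            findings.append({"key": key, "name": name, "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE_REG_OUTPUT):
        print(f"{f['key']}\\{f['name']} -> {f['image']}: {', '.join(f['reasons'])}")
```

The output is a triage list, not a verdict: the constructed OneDrive entry is flagged too, because legitimate per-user installers also live under AppData, so the user-writable finding needs a signature or hash check behind it. The masquerade finding (an svchost.exe outside C:\Windows) is the one worth acting on directly.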