General
- Target: cec987bff90b00ce724f9c8ba67a66c1.bin
- Size: 646KB
- Sample: 230901-cefnzabh79
- MD5: 5e8cf3225348bf6ada7b52387a7ece51
- SHA1: e0ff28cc70381463b71922f84e09f128719ea292
- SHA256: a168419d23971aa18f193230e08bfd74a1687e490eeeebae5fabd4a6dcdf0793
- SHA512: 1653ecf38f5f4b0692ad61dfcd3e69d57f7504871767fd5d752ae83940d676a40c78b0767989391f828cdbce8f69155461e7da6fded1b1f75a501ad6a3bdeb09
- SSDEEP: 12288:OJ2W2SCgofQuxU0nmnnin13StIjq34Lv6RTis26V2ZaGZr3n3TdUOGaEkciHJN:OcW2Mo4uxUWJn1UClM2s200ZNpN
Static task
- static1
Behavioral task
- behavioral1
  - Sample: purchase order.exe
  - Resource: win7-20230831-en
Behavioral task
- behavioral2
  - Sample: purchase order.exe
  - Resource: win10v2004-20230831-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.methobsindia.com
- Port: 587
- Username: [email protected]
- Password: blessing2023##
- Email To: [email protected]
Targets
- Target: purchase order.exe
- Size: 687KB
- MD5: bd8956a202a197e22148fae79c98e967
- SHA1: 22b02b9a316418eebbaca4bf5461660933fee5d3
- SHA256: 48344ddf6064b91600662af7a6b0c9d66b4ed354bd50839c360c21d62d49e63b
- SHA512: 0b70292c4fa26061f7ce06311aea02693dbc3b530c96862224848f45f5dfe70400b5eb72c62445851b9e994af20a3577ed92ac19cf1db4ca27bafb09f6e2c35d
- SSDEEP: 12288:ZZboCUhRcOJ5clu6ZRNL09JXgT8zQM95bgGvpZ2cVTt2M5osEITPcOr:PZ5yoZ/L6iT8kDu/22Z2ILTPc
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext