General
- Target: e8c89752942b8011820e9d04753700eb70f77a8701796ef7e826399cf889f9ec_JC.exe
- Size: 565KB
- Sample: 230901-t9a6eagd94
- MD5: 21cd38786ccaee7305123707ced27f43
- SHA1: f594e2f6ec6f8a93542bacfb244c36705086af1f
- SHA256: e8c89752942b8011820e9d04753700eb70f77a8701796ef7e826399cf889f9ec
- SHA512: 933f58794d04ecb59216b41e2a809b670a6e83e89d4f8c8a636868614b4f38158c926613736e9cca52be4b7376d54aedf7e9dbd529e169b6ffbfbf5101088c63
- SSDEEP: 12288:eULPObnA36hOdWkXyoceEfP0bTqLpiXUhYOapXcl6kpd2rH:3LP+DOXyoQ0bTqLbhNjpd
Static task
- static1
Behavioral task
- behavioral1
  - Sample: e8c89752942b8011820e9d04753700eb70f77a8701796ef7e826399cf889f9ec_JC.exe
  - Resource: win7-20230831-en
Behavioral task
- behavioral2
  - Sample: e8c89752942b8011820e9d04753700eb70f77a8701796ef7e826399cf889f9ec_JC.exe
  - Resource: win10v2004-20230831-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
Targets
- Target: e8c89752942b8011820e9d04753700eb70f77a8701796ef7e826399cf889f9ec_JC.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext