General
Target: 765a7f3426de3365b870cc99538eda74_JC.bin
Size: 668KB
Sample: 230902-nnry5scf92
MD5: 4966d2a220b9c54bf5cbf3eaac27ef08
SHA1: 014dc76255c4d1f76c655e214b391366a3eaf7e6
SHA256: 00c221397492400a9c49bd46074f4bcd123a0159351f75047ae77afccbf590e2
SHA512: a88735d07eebba97552d2680cde752cb634989a91be44dc5948ba67261a5fb7c809afbf1884e682a3f24ae8687ef7ba6ddf145147fad7b1805f51e480253b8ec
SSDEEP: 12288:OYJ57mCysk0CFlsuQ0Ufbbwwf3pOsF6f3dEXb03APDKFW+q6Gla2am6o1dPikKG0:77fysrKl0nwwfZBi3dC0c+FW+4aXoG
Static task: static1
Behavioral task: behavioral1
  Sample: PO#006543678.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: PO#006543678.exe
  Resource: win10v2004-20230831-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.sgbumperscar.com
  Port: 587
  Username: [email protected]
  Password: tien3012m
  Email To: [email protected]
Targets
Target: PO#006543678.exe
Size: 805KB
MD5: f8cb5d6d15cc29e2fa8f5fa441440ab1
SHA1: 4c4d0691d1921bddecaffc6a969e4c992a1b0022
SHA256: faaa913f0d90b0848bb2ccb743fc3f14d93c21c0085b569dac67cbc14273624f
SHA512: a616a717ee6638cf8344a63d48fcf2ffe0f02ce20f47b30f23c40abe45d2c6c2648b70addb13ae14f3468bd9813337441a8ad3873ab34e178021ce450891a19e
SSDEEP: 24576:NUOPypIzgWUgZxIo6aqApySa+m3mHl67BnrE:NUOPypIzDUex79rpyiErE

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext