Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1693844525085627b7cf9bc306aa266e9305a77ee0a76dfb7cfee5affb59f76267a08f6833347.dat-decoded.exe
-
Size
274KB
-
Sample
230904-tvtdfahf95
-
MD5
9f0aeff878befa2b72bbc2405581d78b
-
SHA1
2eeb08f4869864d14cab38d73dc539cde3077f60
-
SHA256
a1528f5de37b949354a3cdd6e72ac966b4a0ec675d7a23b67af482ddcb94616d
-
SHA512
a5a4a0df564466e11ba0a5ae61289155f35545eb1225a3d378c29f20d65375feec9e5d6f4f8b8048932de9d1999348edd710c70d677db67a438bba6444fdaa81
-
SSDEEP
3072:9pMF0t5OFxrHqMqZoeRcqs4sdtYS6Z02ljQEZ5URUxeE/RkJxKbzhe:/MK54xOMqZ/HaTYJ3cE/xNavKb0
Static task
static1
Behavioral task
behavioral1
Sample
1693844525085627b7cf9bc306aa266e9305a77ee0a76dfb7cfee5affb59f76267a08f6833347.dat-decoded.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1693844525085627b7cf9bc306aa266e9305a77ee0a76dfb7cfee5affb59f76267a08f6833347.dat-decoded.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6515194704:AAEmyYc4dwrlO5o21i36i_KXXTaRISiSia4/
Targets
-
-
Target
1693844525085627b7cf9bc306aa266e9305a77ee0a76dfb7cfee5affb59f76267a08f6833347.dat-decoded.exe
-
Size
274KB
-
MD5
9f0aeff878befa2b72bbc2405581d78b
-
SHA1
2eeb08f4869864d14cab38d73dc539cde3077f60
-
SHA256
a1528f5de37b949354a3cdd6e72ac966b4a0ec675d7a23b67af482ddcb94616d
-
SHA512
a5a4a0df564466e11ba0a5ae61289155f35545eb1225a3d378c29f20d65375feec9e5d6f4f8b8048932de9d1999348edd710c70d677db67a438bba6444fdaa81
-
SSDEEP
3072:9pMF0t5OFxrHqMqZoeRcqs4sdtYS6Z02ljQEZ5URUxeE/RkJxKbzhe:/MK54xOMqZ/HaTYJ3cE/xNavKb0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Downloads MZ/PE file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-