General
- Target: 1.exe
- Size: 600KB
- Sample: 230918-m2ncfagg8v
- MD5: 77348c455ca0c859d9a00f3ada71cb74
- SHA1: e18fd626e7f20173fc46970a6387068421598f50
- SHA256: 56b42ce524e101188605f0c0f6efaa7f4e77f4754dcb62607e6b53c45e4952be
- SHA512: 201476aeba07abafe4c9739aef3da14ff2ec01d289f312d1d513e6ac117f2ce980e90dfdd3ee24cae1417e728f7edbdf658ae5447cecaac225a04e6101491af7
- SSDEEP: 12288:FYZAfDuHOX9SnM62XAFZbz5ZzVJg3uL6HlcyuN1LUpn6ZE4ZljqS:FYZgji8g/5Zzjg+XBUpnOE4Zl
Static task
- static1
Behavioral task
- behavioral1: sample 1.exe, resource win7-20230831-en
Behavioral task
- behavioral2: sample 1.exe, resource win10v2004-20230915-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.adityagroup.co
- Port: 587
- Username: [email protected]
- Password: Aditya!@#$%^
- Email To: [email protected]
Port 587 is the authenticated mail-submission port, so the stolen data leaves as ordinary outbound SMTP logons using the credentials above; the host, port and mailbox credentials are the actionable indicators from this configuration.
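As an added example (not code from the tria.ge report or from the Agent Tesla family), the block below turns the indicators above into two checks that run offline: hashing a file against the report's digests, and flagging connections to the extracted SMTP host from connection logs. The hashes and host/port are copied from the report; the log lines and their key=value layout are constructed for illustration and are not any product's real output.

```python
"""Added example: offline checks built from the indicators in this report.

The digests and the SMTP host/port are copied from the report above.
SAMPLE_LOG is constructed for illustration; its key=value layout is an
assumption, not a specific product's log format."""
import hashlib
import re
from pathlib import Path

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "77348c455ca0c859d9a00f3ada71cb74",
    "sha1": "e18fd626e7f20173fc46970a6387068421598f50",
    "sha256": "56b42ce524e101188605f0c0f6efaa7f4e77f4754dcb62607e6b53c45e4952be",
}
EXFIL_HOST = "mail.adityagroup.co"
EXFIL_PORT = 587


def digest_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of an in-memory buffer, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path) -> dict:
    """Hash a file on disk in 1 MiB chunks so large binaries need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(digests: dict) -> bool:
    """True if any supplied digest equals the report's value for that algorithm.

    Every algorithm is compared so a collision-resistant SHA256 match is enough
    even when a source only logged one hash type; comparison is case-insensitive."""
    return any(digests.get(alg, "").lower() == val for alg, val in SAMPLE_HASHES.items())


_KV = re.compile(r"(\w+)=(\S+)")


def find_exfil_events(lines) -> list:
    """Flag outbound connections to the extracted SMTP host.

    Any connection to the host is worth a look (medium); host plus the configured
    port 587 matches the extracted config exactly and is rated high."""
    hits = []
    for line in lines:
        fields = dict(_KV.findall(line))
        if fields.get("dst", "").lower() != EXFIL_HOST:
            continue
        port = int(fields.get("dport", 0))
        hits.append({
            "image": fields.get("image", "?"),
            "dst": f"{EXFIL_HOST}:{port}",
            "severity": "high" if port == EXFIL_PORT else "medium",
        })
    return hits


# Constructed network-connection log lines (not captured traffic).
SAMPLE_LOG = [
    "2023-09-18T13:02:11Z host=WS01 image=C:\\Users\\alice\\AppData\\Local\\Temp\\1.exe dst=mail.adityagroup.co dport=587 proto=tcp",
    "2023-09-18T13:02:15Z host=WS01 image=OUTLOOK.EXE dst=smtp.office365.com dport=587 proto=tcp",
    "2023-09-18T13:03:40Z host=WS02 image=C:\\Users\\bob\\Downloads\\1.exe dst=MAIL.ADITYAGROUP.CO dport=25 proto=tcp",
]

if __name__ == "__main__":
    import sys
    for hit in find_exfil_events(SAMPLE_LOG):
        print(f"[{hit['severity']}] {hit['image']} -> {hit['dst']}")
    for arg in sys.argv[1:]:
        d = hash_file(Path(arg))
        print(f"{arg}: {'MATCH' if matches_sample(d) else 'no match'} sha256={d['sha256']}")
```

Run it with file paths as arguments to hash suspects against the report; the log scan prints one high hit (1.exe to the host on 587) and one medium hit (the same host on port 25), and ignores the legitimate Outlook submission on 587 because the destination differs.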
Targets
- Target: 1.exe
- Size: 600KB
- MD5: 77348c455ca0c859d9a00f3ada71cb74
- SHA1: e18fd626e7f20173fc46970a6387068421598f50
- SHA256: 56b42ce524e101188605f0c0f6efaa7f4e77f4754dcb62607e6b53c45e4952be
- SHA512: 201476aeba07abafe4c9739aef3da14ff2ec01d289f312d1d513e6ac117f2ce980e90dfdd3ee24cae1417e728f7edbdf658ae5447cecaac225a04e6101491af7
- SSDEEP: 12288:FYZAfDuHOX9SnM62XAFZbz5ZzVJg3uL6HlcyuN1LUpn6ZE4ZljqS:FYZgji8g/5Zzjg+XBUpnOE4Zl
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; the SMTP configuration extracted above is its exfiltration channel.
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence.
- Accesses Microsoft Outlook profiles: reads stored Outlook account data, consistent with credential theft.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way to redirect execution into an injected payload (process hollowing or thread hijacking), so check which process the sample targets.