General
Target: 725d44e77922332d23018ee4a5a5982ed0856c87d84c86a578c671726776ab48_JC.exe
Size: 1.1MB
Sample: 230923-xhx3mshg31
MD5: e9d5c407dff7f063ef4ae78562e2da9e
SHA1: 1c573c5a165e171f013aac3ccf21816125d156aa
SHA256: 725d44e77922332d23018ee4a5a5982ed0856c87d84c86a578c671726776ab48
SHA512: e5dd2b6de9dd1288c7fad0631676fbe36f9976bfecc7189de428123ce302d40f29b9969be4f88efc3dcd14005ff7ac78dfece4fd46b7b53bc547f16f7f066291
SSDEEP: 12288:5ws77R2dAV6K9i4ytfh5tSZVfn5TjzsrjlU40IubL0YgcxhXibzkYCAr/1EN0i9p:+s7t2dAVd9i4ytWVl3rtazKQ1ENh3A+
Static task: static1
Behavioral task: behavioral1
  Sample: 725d44e77922332d23018ee4a5a5982ed0856c87d84c86a578c671726776ab48_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 725d44e77922332d23018ee4a5a5982ed0856c87d84c86a578c671726776ab48_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: ns0.ovh.net
Port: 587
Username: [email protected]
Password: Contact@PMG*3017
Email To: [email protected]
Targets
Target: 725d44e77922332d23018ee4a5a5982ed0856c87d84c86a578c671726776ab48_JC.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext