General
- Target: 02e565314622beca0b16e1c731549262b2b22e4bf3bef691d23991cebf94bfab_JC.exe
- Size: 958KB
- Sample: 231006-pbptpabb2w
- MD5: 289e55682a143b7520cf82f16305a54f
- SHA1: 2cda815c055ebdda4d4dd812176f89acad5d6300
- SHA256: 02e565314622beca0b16e1c731549262b2b22e4bf3bef691d23991cebf94bfab
- SHA512: 8a4cab565a12e4c0bd599de27db5cf0254d5ea4e5cb30d7610baba5967cb7cdab693224710440cdce4b50bc9e1c0778386883d91ba14dd48eddb855b072d3c1a
- SSDEEP: 12288:VM+ZDpsy8NLgmHCViuUxIZb/iPLq/rjI4rGbz9/b:Vsy8WWCEIZb/iD23I4rGV/
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 02e565314622beca0b16e1c731549262b2b22e4bf3bef691d23991cebf94bfab_JC.exe
  - Resource: win7-20230831-en
Behavioral task
- behavioral2
  - Sample: 02e565314622beca0b16e1c731549262b2b22e4bf3bef691d23991cebf94bfab_JC.exe
  - Resource: win10v2004-20230915-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: uikstcmljdzhturh
- Email To: [email protected]
Targets
- Target: 02e565314622beca0b16e1c731549262b2b22e4bf3bef691d23991cebf94bfab_JC.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext