General
Target: ee65a8025fd1c588e46437ac19dfe667.bin
Size: 770KB
Sample: 231011-3m1xzsdh86
MD5: c0f5513174f6c0a917313ac44c4cd8f0
SHA1: f7342f3a5dab7517b20ec13c76cdbc100919d76a
SHA256: 9774fdea7e8ed96bfafe6e2bb78948c6f54cfcba577502fbf5dbed9d251dc63a
SHA512: 5a60922fb31904f452e68c0b1bf6e2767028333e950d656315af0b5190cf5a18f70e7ce752573c644b7f3b9b7ec33565cd2f3f68e865e2f20f9ee773781344c6
SSDEEP: 12288:B1jArOyNRp95ErF/q446MY/hzNDUX8MmkCA24Q0mkmCcZQTq15wt7:B1jAxRP5+FRBNNDUsMmkLxqzaGEt7
Static task: static1
Behavioral task: behavioral1
Sample: DN 729950068251.bat
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: DN 729950068251.bat
Resource: win10v2004-20230915-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.asiaparadisehotel.com
Port: 587
Username: [email protected]
Password: y.tYfN)aoq4w
Email To: [email protected]
Targets
Target: DN 729950068251.bat
Size: 1019KB
MD5: f3d4c5c46c3d6b6f245032ced203e902
SHA1: 2ffa30c68e1182acf0976f0b1021f523e6a0edf4
SHA256: 36848413f8c343c47d8bf2f8ec254d402357031b1fb976cfe925e00438119c8a
SHA512: ecea94028784e376ffb79d55053f9eeca53ad9beff94b499463d710d4b111b21d876c8bf5e15ca7640a87550d366714229236bc5cb66cc1df6108426c564a56f
SSDEEP: 24576:e4iTYb5PEHqFhUIzJMMbhgBpUxFR2Id6FnWhhh0c2j:mYbuHaNbh0m2W0c8
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Executes dropped EXE
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.