General
- Target: CONTRACT P.O 2.doc
- Size: 101KB
- Sample: 231011-htt3ssgg2t
- MD5: 1554ddba8a0a42a1e258363e5091bcad
- SHA1: ba1c0dc891a4c879e0e770b735d84a868da64f5b
- SHA256: ffeddcfd73cd061efddf80506a6a7150b243beb645669c6c249b52f941ed016f
- SHA512: 6404faefd20f0a7e779a2734d72e8ebe18d2d9f7a67b48419d7f74f2f82b0bb0141d4f67048bd4a3eb6ada8b93a23589972dd0db67f871ed628b9c4651be5fce
- SSDEEP: 768:TC7Wq0BiIsxPpwkWfYjugztCUlkXba1C/YuiYlusFbDXJhWxcX5W6Lulz3PvAq5:TC6q0BnpP4ugzxbuBlusFbFhvrulz3V
Static task
- static1
Behavioral task
- behavioral1
  - Sample: CONTRACT P.O 2.rtf
  - Resource: win7-20230831-en
Behavioral task
- behavioral2
  - Sample: CONTRACT P.O 2.rtf
  - Resource: win10v2004-20230915-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: cp5ua.hyperhost.ua
  - Port: 587
  - Username: [email protected]
  - Password: 7213575aceACE@
  - Email To: [email protected]
Targets
- Target: CONTRACT P.O 2.doc
  - Size: 101KB
  - MD5: 1554ddba8a0a42a1e258363e5091bcad
  - SHA1: ba1c0dc891a4c879e0e770b735d84a868da64f5b
  - SHA256: ffeddcfd73cd061efddf80506a6a7150b243beb645669c6c249b52f941ed016f
  - SHA512: 6404faefd20f0a7e779a2734d72e8ebe18d2d9f7a67b48419d7f74f2f82b0bb0141d4f67048bd4a3eb6ada8b93a23589972dd0db67f871ed628b9c4651be5fce
  - SSDEEP: 768:TC7Wq0BiIsxPpwkWfYjugztCUlkXba1C/YuiYlusFbDXJhWxcX5W6Lulz3PvAq5:TC6q0BnpP4ugzxbuBlusFbFhvrulz3V
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext