Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Purchase-Order.scr.exe
-
Size
672KB
-
Sample
231011-ymw7kshh7x
-
MD5
7fccb0197c8d6888ab6a5f9713fba9f6
-
SHA1
ae8ea47dbb7c8bc40df063ea2e05823e2458cced
-
SHA256
b89fe3a178283fbd51ed71bd488e079a81dff40fc7124f57540e98540dce28a1
-
SHA512
feccea6ac8dc93c7f3bc88f3e3b2d3a84b11738161c8e1a153c5a8a29e17e424a84b75daf1754dd3e9d0f7f32335b9e1a6aa811349660e4f6837247add0bb7d2
-
SSDEEP
12288:UVj3hLQvfdxOo7gpXtrFF725cxd9dvmVV38eIlCwWTIghwhKfwlucbh1ejqaRiv6:sMOfx4twKyxluc90JRk6
Static task
static1
Behavioral task
behavioral1
Sample
Purchase-Order.scr.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Purchase-Order.scr.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6364043354:AAF_1bGx2vGEmysmy8L-UNpPd2QFFHQH3WU/
Targets
-
-
Target
Purchase-Order.scr.exe
-
Size
672KB
-
MD5
7fccb0197c8d6888ab6a5f9713fba9f6
-
SHA1
ae8ea47dbb7c8bc40df063ea2e05823e2458cced
-
SHA256
b89fe3a178283fbd51ed71bd488e079a81dff40fc7124f57540e98540dce28a1
-
SHA512
feccea6ac8dc93c7f3bc88f3e3b2d3a84b11738161c8e1a153c5a8a29e17e424a84b75daf1754dd3e9d0f7f32335b9e1a6aa811349660e4f6837247add0bb7d2
-
SSDEEP
12288:UVj3hLQvfdxOo7gpXtrFF725cxd9dvmVV38eIlCwWTIghwhKfwlucbh1ejqaRiv6:sMOfx4twKyxluc90JRk6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-