General
Target: Statement Of Account Due.pdf______________________________________________.rar
Size: 600KB
Sample: 231011-yx1bzsae4t
MD5: 77cf68625154aa665882b12f39fdd1d8
SHA1: 624ad85478f8350d52ebf351fcfe9d4193b5a404
SHA256: 13b93e8c98451404ea35623ebc7027217cfc5e6570d05a5a8b65a35283a7be9d
SHA512: 90c4e6084ba4f914d7c6cb77b5ecafb2478c4fe7a3460fff8f25ea0f2e4bdfaf75cb7a3d4b0b40f9ce2a1e5540cee6b6d4079471ac8615162dfe01e7e10ae8b4
SSDEEP: 12288:q+7SM0x4kXzRG5P3ucy0xuQfNCM5QFtmTgGz13msX/gq+JkTexi9L:qsSM84kDk5Py0xuQfNCM5qtmE81msXIw
Static task: static1
Behavioral task: behavioral1
Sample: Statement Of Account Due.pdf______________________________________________.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: Statement Of Account Due.pdf______________________________________________.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.expertsconsultgh.co
Port: 587
Username: [email protected]
Password: Oppong.2012
Email To: [email protected]
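The extracted config above is the most actionable part of the report: the implant hard-codes an SMTP server and a mailbox to which it sends stolen credentials. The script below, an added example written for this page and not tria.ge's own code, turns those values into two detection artifacts: a YARA rule for the unpacked binary (matching the config strings as both ASCII and UTF-16LE, since Agent Tesla is a .NET binary) and a Suricata rule on the DNS lookup for the exfiltration host. The config text is constructed from the report; the e-mail addresses are kept exactly as they appear on the page, and the rule name, SID and the `TARGET_SHA256` reference are assumptions for illustration.

```python
"""Turn the SMTP exfiltration config and hash that a sandbox extracted from an
AgentTesla sample into detection artifacts (a YARA rule and a Suricata DNS rule).

Added example for this report page; not tria.ge code.
"""
import re
from dataclasses import dataclass

# Constructed from the "Malware Config" block of the report. The addresses are
# shown obfuscated on the page and are kept as shown here.
REPORT_CONFIG = """\
Protocol: smtp
Host: mail.expertsconsultgh.co
Port: 587
Username: [email protected]
Password: Oppong.2012
Email To: [email protected]
"""

# SHA256 of the unpacked .exe target listed on the report (used only as metadata).
TARGET_SHA256 = "a92454653447052d1a4d2342adeae2ae74a0499868a6fbd7834773b47b368cb7"


@dataclass
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: value' lines into a typed config, validating the two values
    the detection rules depend on (a hostname-shaped host and a sane port)."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip().lower().replace(" ", "_")] = value.strip()
    port = int(fields["port"])
    if not 0 < port < 65536:
        raise ValueError(f"bad port {port}")
    host = fields["host"].lower()
    if not re.fullmatch(r"[a-z0-9.-]+", host):
        raise ValueError(f"unexpected host {host!r}")
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=host,
        port=port,
        username=fields["username"],
        password=fields["password"],
        email_to=fields["email_to"],
    )


def yara_rule(cfg: SmtpExfilConfig, sha256: str, name: str = "AgentTesla_smtp_config") -> str:
    """Agent Tesla is a .NET binary, so its config strings are stored UTF-16LE;
    match 'ascii wide' and require an MZ header so the rule does not fire on
    text files (e.g. this report) that also contain the strings."""
    return "\n".join([
        f"rule {name}",
        "{",
        "    meta:",
        f'        reference_sha256 = "{sha256}"',
        "    strings:",
        f'        $host = "{cfg.host}" ascii wide',
        f'        $pass = "{cfg.password}" ascii wide',
        "    condition:",
        "        uint16(0) == 0x5A4D and any of them",
        "}",
    ])


def suricata_dns_rule(cfg: SmtpExfilConfig, sid: int) -> str:
    """The server name never appears in the SMTP stream itself (EHLO carries the
    client's name), so alert on the DNS lookup the implant makes before connecting."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host lookup {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(yara_rule(cfg, TARGET_SHA256))
    print(suricata_dns_rule(cfg, 9000001))
```

Two caveats when using rules like these: the mailbox on mail.expertsconsultgh.co is very likely a compromised legitimate account rather than attacker infrastructure, so the right response is to notify the domain owner, not to log in with the recovered credentials; and the host string alone may appear in benign mail-client configuration on that organisation's own machines, which is why the YARA rule is restricted to PE files.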
Targets
Target: Statement Of Account Due.pdf______________________________________________.exe
Size: 754KB
MD5: 390f382ef3a2d76e22e1a9481bcf1f64
SHA1: 5e6f4341178f0871ed2b5520422cfb51d3eb9819
SHA256: a92454653447052d1a4d2342adeae2ae74a0499868a6fbd7834773b47b368cb7
SHA512: b9d8b2b78723d1f1ba3339ba9282b395d075ac63e48b3c3927a5ec3226eef26f617aba97597e0db4bcbcb9c9ff193255f57894b40e38e7aac606b8683ddf66c0
SSDEEP: 12288:Izo+r8HbbwArD6L4qb+TfdMxHKmnPmcdtpf5HYUx2dv+HXqwHiDyody3mEq:u8HVDCDb+TfmlKcPm4HYe2dtvE0
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials and keystrokes and exfiltrates them over a configured channel, here SMTP.
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to avoid running in particular regions.
Accesses Microsoft Outlook profiles
Outlook profile keys in the registry hold stored account settings and are a standard source of mail credentials for stealers.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
Setting the thread context of another process is the hallmark of process hollowing (RunPE-style) injection, the usual way an Agent Tesla loader starts its payload under a legitimate process name.