Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dd39cbc93b94888e04900cdc4c7da69e.bin
-
Size
615KB
-
Sample
231012-22qvwsgb74
-
MD5
bb1b0389a30139f3dcae4567b89f6665
-
SHA1
4670a82c1363e4ccedea58d723edc8bcbfbd455a
-
SHA256
c117ab55923d1fa7f6055a2c2387532c2cec391bd1261d5cda7a4c5d2da11675
-
SHA512
44c83c7957af318bf48443effde2c3168ed61244039b8447ec1affedc9c5cc0520a5282eb1d0299ce34123b770e8b89af5c3b3f456a5fe4ebae23c8f0f16b455
-
SSDEEP
12288:l0d3UKTrjN08MyxFT+wJNlzAoknL1p0oavXAh:lyB9dFTFxCppawh
Static task
static1
Behavioral task
behavioral1
Sample
8400a919b9cb8b3ba1f8b635a24992fabddd5e162e0735c118a9213dc1f71ba9.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
8400a919b9cb8b3ba1f8b635a24992fabddd5e162e0735c118a9213dc1f71ba9.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
MAIL.elec-qatar.com - Port:
587 - Username:
[email protected] - Password:
MHabrar2019@# - Email To:
[email protected]
Targets
-
-
Target
8400a919b9cb8b3ba1f8b635a24992fabddd5e162e0735c118a9213dc1f71ba9.exe
-
Size
719KB
-
MD5
dd39cbc93b94888e04900cdc4c7da69e
-
SHA1
4001c2edea9b87c32dbc3500b69862ae1162f956
-
SHA256
8400a919b9cb8b3ba1f8b635a24992fabddd5e162e0735c118a9213dc1f71ba9
-
SHA512
ea4b8a0c92401ae8e9f68349d4b674674edcb3d57268760e8f7cededba9417961105ff5186ad8b8e5a4a0083d0330a5e533d49a1bb357c945e97b1f1c4d8de41
-
SSDEEP
12288:7A5WIPr4zyD/dEjE+pt4h69VfeTVvvRSbCDF5x9PgfDvC1FmbyEM2Ws:+gb74/BdgzC1Fmeh2Ws
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-