General
Target: cd49b022411c34b834f765d874611467fe327f58a0d3c83cf33d78fb3989e687_JC.exe
Size: 607KB
Sample: 231012-a3rd9sfh99
MD5: 9dadfc8f01d8b789ce9267cc188591bb
SHA1: 79f2fe21dbd9f4618a60d9421b623b6cfdb6d924
SHA256: cd49b022411c34b834f765d874611467fe327f58a0d3c83cf33d78fb3989e687
SHA512: 14974449f4b048802cb4f95aef64bc3d789ee1a96c4dde03f0dab2654e7ff754873bbca454d2c65303ae5d40f9f46281d13b7f71d500b04a46354e3536f147bd
SSDEEP: 12288:zpUTErRtZC/CY5fdwZ0uYlR8gdV0Vj28EERjnd/gm5TD:NUiZC/CY5f6SHlR8gaj28Dv/gm5
Static task: static1
Behavioral task: behavioral1
Sample: cd49b022411c34b834f765d874611467fe327f58a0d3c83cf33d78fb3989e687_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: cd49b022411c34b834f765d874611467fe327f58a0d3c83cf33d78fb3989e687_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: sh003.webhostbox.net
Port: 587
Username: [email protected]
Password: blessing 2023
Email To: [email protected]
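The extracted config above is the most actionable part of this report: the sample exfiltrates over SMTP submission (port 587) to a fixed host with hard-coded credentials, so the host plus port is a precise network indicator while the port alone is not. The following is an added example, not tria.ge code and not part of the sample: it parses the config as it appears here into a structured record, scans a constructed outbound-connection log (assumed format: timestamp, source IP, destination hostname, destination port, protocol) for connections to the exfil host, and emits a Suricata DNS rule for the host. The two mail addresses are placeholders because the page obfuscated them, and the Suricata sid is a placeholder argument.

```python
"""Turn the AgentTesla SMTP exfil config from this report into hunt logic.

Added example for this page; it is not tria.ge code and not AgentTesla code.
"""
from dataclasses import dataclass


# Constructed copy of the extracted config, in "Key: value" form. The two
# mail addresses appear as "[email protected]" because the page obfuscated
# them; they are placeholders here, not the real values.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: sh003.webhostbox.net
Port: 587
Username: [email protected]
Password: blessing 2023
Email To: [email protected]
"""

# Constructed outbound-connection log in an assumed format:
# <timestamp> <src_ip> <dst_hostname> <dst_port> <proto>
SAMPLE_CONN_LOG = """\
2023-10-12T01:02:03Z 10.0.0.15 api.ip-lookup.example 443 tcp
2023-10-12T01:02:05Z 10.0.0.15 sh003.webhostbox.net 587 tcp
2023-10-12T01:02:09Z 10.0.0.22 mail.corp.example 587 tcp
2023-10-12T01:03:41Z 10.0.0.15 SH003.WEBHOSTBOX.NET 587 tcp
malformed line that should be skipped
"""


@dataclass(frozen=True)
class SmtpExfil:
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(text: str) -> SmtpExfil:
    """Parse the Key: value lines; raise on a non-SMTP or incomplete config."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed config line: {line!r}")
        fields[key.strip().lower()] = value.strip()
    if fields.get("protocol", "").lower() != "smtp":
        raise ValueError("expected an smtp exfil config")
    try:
        return SmtpExfil(
            host=fields["host"].lower(),
            port=int(fields["port"]),
            username=fields["username"],
            password=fields["password"],
            email_to=fields["email to"],
        )
    except KeyError as exc:
        raise ValueError(f"config is missing field {exc}") from None


def find_exfil(cfg: SmtpExfil, log_text: str) -> list:
    """Return connections to the configured exfil host *and* port.

    Matching on port alone would flag every legitimate submission-port (587)
    mail client, so both fields must agree; hostnames compare case-insensitively.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip lines that are not in the assumed format
        ts, src, dst_host, dst_port, _proto = parts
        if dst_host.lower() == cfg.host and int(dst_port) == cfg.port:
            hits.append({"ts": ts, "src": src, "dst": dst_host.lower(), "port": cfg.port})
    return hits


def suricata_dns_rule(cfg: SmtpExfil, sid: int) -> str:
    """Emit a Suricata rule that alerts on DNS lookups of the exfil host.

    The sid is a placeholder argument; choose one from your local rule range.
    """
    return (
        f'alert dns $HOME_NET any -> any any '
        f'(msg:"AgentTesla SMTP exfil host {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for hit in find_exfil(cfg, SAMPLE_CONN_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['dst']}:{hit['port']}  AgentTesla SMTP exfil")
    print(suricata_dns_rule(cfg, sid=1000001))
```

Only the two connections from 10.0.0.15 to sh003.webhostbox.net:587 are reported; the corporate mail client on the same port is not, which is the point of keying on host and port together. The leaked SMTP credentials are also worth a takedown or abuse report to the mail provider, since every infected host delivers its stolen data to that mailbox.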
Targets
Target: cd49b022411c34b834f765d874611467fe327f58a0d3c83cf33d78fb3989e687_JC.exe
Size: 607KB
MD5: 9dadfc8f01d8b789ce9267cc188591bb
SHA1: 79f2fe21dbd9f4618a60d9421b623b6cfdb6d924
SHA256: cd49b022411c34b834f765d874611467fe327f58a0d3c83cf33d78fb3989e687
SHA512: 14974449f4b048802cb4f95aef64bc3d789ee1a96c4dde03f0dab2654e7ff754873bbca454d2c65303ae5d40f9f46281d13b7f71d500b04a46354e3536f147bd
SSDEEP: 12288:zpUTErRtZC/CY5fdwZ0uYlR8gdV0Vj28EERjnd/gm5TD:NUiZC/CY5f6SHlR8gaj28Dv/gm5
Signatures
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; this sample exfiltrates stolen data over SMTP using the credentials in the extracted config above.
Accesses Microsoft Outlook profiles
Reads the Outlook profile registry keys, which AgentTesla mines for saved mail-account credentials.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP (the report does not name the service), which the stealer includes in its victim report.
Suspicious use of SetThreadContext
Setting the execution context of another thread is a common step in process hollowing and similar code injection, where code is written into a suspended process and its main thread is redirected to it.