General
Target: 3fd79e367d75bf1b3f13286941c0551a436a2f31a1e4d814f7086164659c83c6
Size: 860KB
Sample: 231012-jb5x1sgb92
MD5: 53960a423870d31c8c22ac0a2a8e6d79
SHA1: 7591cf56b9451715678ea342043ed95ceff0e8f4
SHA256: 3fd79e367d75bf1b3f13286941c0551a436a2f31a1e4d814f7086164659c83c6
SHA512: 7f1dd3233ea45011984771a831a0bcf1094df1b80a9c8fba6f53450e7505ab63f8018914c2cd9d0a91ede3e66120a6b0befc3376e75359538ce643cbd5c63bf5
SSDEEP: 24576:ULcZ1l8x8mYJrkfSiquJyXoj5GIHei6QW/kGSKRK:XPlE89JoLjlHnAk+K
Static task: static1

Behavioral task: behavioral1
Sample: Payment Slip (SWIFT)·PDF.scr
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Payment Slip (SWIFT)·PDF.scr
Resource: win10v2004-20230915-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: PD#Hmarr#597r%@@
Email To: [email protected]
Targets
Target: Payment Slip (SWIFT)·PDF.scr
Size: 2.1MB
MD5: aa172e2518840dd8e47c36520639f99f
SHA1: 0c87154c41dd9cc5296259fa4ccdba17fcb057e5
SHA256: e1b45cf3afc2cecdee5a2da5517404bead4e28b31fa09f95eb45e8421acd4c7b
SHA512: 267dee5888c2a31c0a956ce2ca32b004afae8c0ad2eec1420fd8bd676fb5d675381e4ea37bb0f8fcf58c9dd0a9c1e6a09b3bad9d355c409a0233225c4a528e29
SSDEEP: 24576:tfDf12Bap8DH508+gOCWLd491xCeG0FpcM+bKssK6aG9O:trMBaIy9mvcMbsF1g

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext