General
Target: PROFORMA.EXE.exe
Size: 485KB
Sample: 231012-pbnavshd61
MD5: af4f474f394a907b0a5fe32c58a9ec0f
SHA1: 2711d6d2180bae3d4bebc24583b7312443c7cad8
SHA256: 97db943d58a436c3af596f5189c5f45c6303d6f5cd686d059d023d571d9ebf1b
SHA512: 8d5302f88899fcb5824d7b332a8f63095dc9baf43320211c98b9b226a02dde9c11383536cb30e2af544c4c458c8951cf9c69c4c50f8bba9c59d56149f9390369
SSDEEP: 12288:iLBsUHAeKHYJNeJXKDdZeTvOxzP3W1pgkmiVv:iuyA3HwUXKDSrIzPtkxVv
Static task: static1
Behavioral task: behavioral1
  Sample: PROFORMA.EXE.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: PROFORMA.EXE.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted family: agenttesla
C2: https://api.telegram.org/bot6454394730:AAGgFQQoYOheiUtQpndUMtI4qKuZRF8EXWA/
Targets
Target: PROFORMA.EXE.exe
Size: 485KB
MD5: af4f474f394a907b0a5fe32c58a9ec0f
SHA1: 2711d6d2180bae3d4bebc24583b7312443c7cad8
SHA256: 97db943d58a436c3af596f5189c5f45c6303d6f5cd686d059d023d571d9ebf1b
SHA512: 8d5302f88899fcb5824d7b332a8f63095dc9baf43320211c98b9b226a02dde9c11383536cb30e2af544c4c458c8951cf9c69c4c50f8bba9c59d56149f9390369
SSDEEP: 12288:iLBsUHAeKHYJNeJXKDdZeTvOxzP3W1pgkmiVv:iuyA3HwUXKDSrIzPtkxVv

Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext