Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c63e10d9534c22a4b8c51073288b94c32a428b2871f5739ab71d4e4ca1a19771
-
Size
605KB
-
Sample
231012-t84rbsca3s
-
MD5
efd03b5a9e6342f84aaf28dfec524c1e
-
SHA1
e161a7a9664a34e60baae4546b5809de3f427cd0
-
SHA256
c63e10d9534c22a4b8c51073288b94c32a428b2871f5739ab71d4e4ca1a19771
-
SHA512
8dc0f9e3b55db97ea7430d2a8576a2f56ff212549c5cd2d7d77053507460ccfbbd5face6c828d6d8c10264d2a11d04266831df28eb8c5a65534e8a13d17fdd52
-
SSDEEP
12288:v7t6kBLAQMxGaJEsBBSuySO68+qjaoUwVT4blIkPwBEVqC:jUgLAQMoaJjBBSuyAB8aYVUhIgwBEVqC
Static task
static1
Behavioral task
behavioral1
Sample
Purchase contract 23K11-086.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Purchase contract 23K11-086.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
IOL^xOF9 - Email To:
[email protected]
Targets
-
-
Target
Purchase contract 23K11-086.exe
-
Size
680KB
-
MD5
d87dc3556f0ee0c56863f83c1dfa88ab
-
SHA1
434f9728b7e5708cc6e3b24cd4df437fb454d5bf
-
SHA256
024c11134a00bda4eaf6a4528131e86652aaa1c1931d71c2f413c7c133b74c75
-
SHA512
af6d0be79f90e361a032e97e449b8327d6dac987b53f7b6531c186724664e8a912602088dad62d365d689d41d34d37c12b1439ccf74217d49b4e0806acb2151e
-
SSDEEP
12288:zYgAfDuHOXCcBq08I209uEE3hctaEqqNs7pK3bvHRu0f730PmPAJs:zYggcGql09bIetaEqqTrxu0o02
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-