General
- Target: HpgebB45PzFn9i0.exe
- Size: 644KB
- Sample: 231016-mns1rsde3s
- MD5: ccec447fe1e96f2d87327f564b2a36c0
- SHA1: bc696dec4b638a03458c43238b33d3f0cf032f56
- SHA256: 44af16d96fc65cae46f919ca9a465a90a984db05a5c6f60a9d7f8217d75a44e1
- SHA512: 148940a4fabb3aff8bf5e7ee9a275ae04239bb834abc8986148aa9d8731c7053d86bf6ec0ea47afb2b46a42e08f838257788cf5b46f2aa273ba7b29466226924
- SSDEEP: 12288:YYzfqBufpQyWAR1ZrTqgLK18JFOHulOD+2+YNIGX1R/a6UFzII:TT6OE+1ZXqW68n/OD+2VNIGX1R/ar5II
Static task
- static1
Behavioral task
- behavioral1: Sample HpgebB45PzFn9i0.exe, Resource win7-20230831-en
Behavioral task
- behavioral2: Sample HpgebB45PzFn9i0.exe, Resource win10v2004-20230915-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.sgbumperscar.com
- Port: 587
- Username: [email protected]
- Password: cunduy123456789
- Email To: [email protected]
Targets
- Target: HpgebB45PzFn9i0.exe (size and hashes identical to the General section)
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext