Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ORDER LIST_OCTQTRFA00541·PDF.scr.exe
-
Size
1.7MB
-
Sample
231023-nlkgaaab33
-
MD5
7938d5d2a40adfcda64c8d5e570082bd
-
SHA1
66c45c9d9896908d5ea2b4a1725b1366b0a7d045
-
SHA256
4bc7979e8e63f880e9f4d7be6e59e55c059f5de3377837fcac7d167e3d4fc19f
-
SHA512
b6f4cf70d840dddb99bcb7eb20214e7d6f7d8ddd8c7f571bfede382cb7891824a5848c0aa98f0819a1c9c91963c09ec10b31c53e9d0d402f48b1345a6ae8ebb3
-
SSDEEP
24576:YahZEDPxrXXM3Z/QVhCO+KL5LueozFgmxnadvtlrN0i38pOnqjH57HIoSz7713Uw:QDpXXe+Vh5NSe0zxnkV0BpOqjZ7ez78y
Static task
static1
Behavioral task
behavioral1
Sample
ORDER LIST_OCTQTRFA00541·PDF.scr.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
ORDER LIST_OCTQTRFA00541·PDF.scr.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
uplerqfbhozyzbnm - Email To:
[email protected]
Targets
-
-
Target
ORDER LIST_OCTQTRFA00541·PDF.scr.exe
-
Size
1.7MB
-
MD5
7938d5d2a40adfcda64c8d5e570082bd
-
SHA1
66c45c9d9896908d5ea2b4a1725b1366b0a7d045
-
SHA256
4bc7979e8e63f880e9f4d7be6e59e55c059f5de3377837fcac7d167e3d4fc19f
-
SHA512
b6f4cf70d840dddb99bcb7eb20214e7d6f7d8ddd8c7f571bfede382cb7891824a5848c0aa98f0819a1c9c91963c09ec10b31c53e9d0d402f48b1345a6ae8ebb3
-
SSDEEP
24576:YahZEDPxrXXM3Z/QVhCO+KL5LueozFgmxnadvtlrN0i38pOnqjH57HIoSz7713Uw:QDpXXe+Vh5NSe0zxnkV0BpOqjZ7ez78y
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-