General
- Target: original shipping documents.zip
- Size: 591KB
- Sample: 231023-pjxjhaae49
- MD5: 94f8902b5e600bc31da83077d3ab3bc5
- SHA1: 8379dc3bf6d23ae29c3998f6ab8abbf5a7e798e6
- SHA256: 8e4b1d2f75d4745b45a8d564bdb3a7f06de34285006808a926de011a025262e4
- SHA512: 7c8a29c898a29811df99532e60d92c2f41ce1279868e90db6e148379482322a886f4685b3e6b2b2b3c9cafefd8d8bfc262685e4cb48bf4981a43c376c347edcf
- SSDEEP: 12288:UX7QvvBSGukpyZCYcOPOPEcAfeVgfLR8fKN6WQzycLJK:UX7nKuCYDPSoY/fKDOw
Static task: static1
Behavioral task: behavioral1
- Sample: original shipping documents.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: original shipping documents.exe
- Resource: win10v2004-20231020-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.bengalshoe.com
- Port: 587
- Username: [email protected]
- Password: kz@m@n123
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.bengalshoe.com
- Port: 587
- Username: [email protected]
- Password: kz@m@n123
Targets
- Target: original shipping documents.exe
- Size: 636KB
- MD5: c5f9d133e67fc85ab8f64186e75ff02a
- SHA1: b0d9efca68d88a652a3c3041de4ddd6cfb611ec2
- SHA256: 7527698e11a5f07d7a6c17f471943a9473857e724d394f043677eb59bf4dbf17
- SHA512: 157f45a8502331248b2fb95d6f5e11bec575bf7d0820e54330c280241a65cf213889ae38bc885f1902b44239ec2a2ffe8782bf9b85b6fce2dbb039df4316c843
- SSDEEP: 12288:Bvo51qBSGu8pIZCYGOPM/EDrscmIZu/WF8A22q5Y:Bvo5P+MCYhPe+wlIAWF8AVq
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext