Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PAYMENT Route.pdf____________________________________________________________________.rar
-
Size
541KB
-
Sample
231023-q9tqzahb2s
-
MD5
822b964b935bee7da3502f7037942d92
-
SHA1
373ad8abc6e2b58371fb8543d7ed4d5c8bdafb36
-
SHA256
c99a75f50b78f5735845826a15174eb80db51ef3f4149847a03b69f5d631e52e
-
SHA512
f0e16b71da0230da02f859fd75e4efca822691eb60577869e0d24dde95b0aacc7232374cf93f3d3bfec99bef8b57eafac07b6c4caea798b361da0fe9a0d6e32c
-
SSDEEP
12288:LtidniG9Nnr8aANHupJC9C3uRzSJhFCUhwoi8DhJiy7IJbH:LtE3NmNHupM9IukhBhxi+DiVJr
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT COPY.pdf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
PAYMENT COPY.pdf.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.expertsconsultgh.co - Port:
587 - Username:
[email protected] - Password:
Oppong.2012 - Email To:
[email protected]
Targets
-
-
Target
PAYMENT COPY.pdf.exe
-
Size
1021KB
-
MD5
28707370a3fb75269da8a9da30960505
-
SHA1
9c900e8ca6595599e922bce6f3255f29063d6212
-
SHA256
d49cff946605d03af069b896354b114d8a4b87313c1aa7fcac9fbf71bb39f8c1
-
SHA512
1ceb51a47825143cce7c0826e3d378b639621972996d6b0f7af772837852a0c00fc6f671f9c8642e2372e6b8118e43596f654073134681ca3958fba62be7f44f
-
SSDEEP
12288:uF0rdOBhhxlh/VJ1euMQd+S8Q/ZNt4/NpUH:00QdxTVJEuMPSDxNt+
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-