Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.16850.12735.exe
-
Size
597KB
-
Sample
231030-nz6xfacf9y
-
MD5
50d2409a3a68ed17f86bd7c6480c9da6
-
SHA1
80e6fe748eca93a113c4d61cb13616ee0589f6a1
-
SHA256
9a4c5d776f205dcb2ef261654ebdc4b5ef42a31e2750a84150a3af05fb847c0a
-
SHA512
083024d6be2fca09751abbec5fc70a5459c177d3c32ad91182f9f1f08295b04bc1c687ea7bb9928ca818fc850b1e4864a28d8b85e1ae9a9e7a0983a3320e402a
-
SSDEEP
12288:V8P69yqLb9F3xdkbO22ejFmRIwIvuSzkpsrajBROvQjCfiMDg3F:+6XHbbJejQIwtsmjjOvQjCqwg
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.16850.12735.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.16850.12735.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.obynnehhhan.com - Port:
587 - Username:
[email protected] - Password:
G$MUuYG3
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.16850.12735.exe
-
Size
597KB
-
MD5
50d2409a3a68ed17f86bd7c6480c9da6
-
SHA1
80e6fe748eca93a113c4d61cb13616ee0589f6a1
-
SHA256
9a4c5d776f205dcb2ef261654ebdc4b5ef42a31e2750a84150a3af05fb847c0a
-
SHA512
083024d6be2fca09751abbec5fc70a5459c177d3c32ad91182f9f1f08295b04bc1c687ea7bb9928ca818fc850b1e4864a28d8b85e1ae9a9e7a0983a3320e402a
-
SSDEEP
12288:V8P69yqLb9F3xdkbO22ejFmRIwIvuSzkpsrajBROvQjCfiMDg3F:+6XHbbJejQIwtsmjjOvQjCqwg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-