General
Target: 1cd95a6e7380834f98182cef84e49b843d27c20bc2c111849a756408a8a2a34b.exe.zip
Size: 632KB
Sample: 231031-rh9tjsbf82
MD5: e1ceb8629d1c4ebe016f331be7a06404
SHA1: b2d58b639b73fe17626d15f6cada8a7c6cf5e2ca
SHA256: 2d80c70b807366bd95568061912531e7f0c14b6f558b403260d8a26ee373a23f
SHA512: b87771d78092a60c26ad3b11fe674b0be6d44800a1185511a92ab4efb69287d9eaf7a3de261075fbd19af5c5a8be39486c63d5c5cc3f78dcb1f0581c7ed9f8a2
SSDEEP: 12288:L7KIG4Z5jJXX1R9skw6v96srtXCe+3y61J/rKkW4d0btpJxOFazSwTF3:P/ZdRbn96srtXCe+Z1Jm74d0btFOFaz7
Static task: static1
Behavioral task: behavioral1
Sample: 1cd95a6e7380834f98182cef84e49b843d27c20bc2c111849a756408a8a2a34b.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 1cd95a6e7380834f98182cef84e49b843d27c20bc2c111849a756408a8a2a34b.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1133291620918382632/dqE_masvBaWgRzB59nggrkJBKoBvmOr6eW_j0AXdmxr8iUJKxaehQyz1TL6QQaDldmii
Targets
Target: 1cd95a6e7380834f98182cef84e49b843d27c20bc2c111849a756408a8a2a34b.exe
Size: 752KB
MD5: 6c8403c97b7d16046218c8b26eb36d45
SHA1: c360688864dc407a298f10b42eb1a436ee5a2293
SHA256: 1cd95a6e7380834f98182cef84e49b843d27c20bc2c111849a756408a8a2a34b
SHA512: 432a69a415d2361b9c402bcb76fc49dbb2f2b6043f5346d049924517fc2dc63185f4bc438166050a22087bbc18ef3e60e309b0f62b76278e8856bcbe71451f84
SSDEEP: 12288:o5MYDNqtNr/G+AcZ9ZcyQMmkXO34EA6Zsi+P0kj8qg/hKHGLDzjRs:o6Y4nrrqke33+Pprk0Gjj
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext