General
- Target: SOA_1.xls
- Size: 1.2MB
- Sample: 231101-l9m6zagh76
- MD5: 18d136d65a9ba1d8819f9dd525b507b7
- SHA1: 095315780b4608aa3c2c998431be510a65bc8df7
- SHA256: f965fd659332137f24a3d7d759470200d973e9f1e17bcbe4b54ac1a84904fab9
- SHA512: b2580c22dbee84af55ec179b225d3c5f9e8a40010294e4fb5fcb4b6d28e58e22476ab002a9130f99642cd744b80cd0a67d7a110919528ec509d18f10cc965b82
- SSDEEP: 24576:0uBSw6/uZyD3bV0w6/WZy43bVtEo84TA5YLp0JHOm9kyv0fLhedKwmx:v6/4K3bVH6/AP3bV7jTp9OHOmP8f97V
Static task
- static1
Behavioral task
- behavioral1
  - Sample: SOA_1.xls
  - Resource: win7-20231020-en
Behavioral task
- behavioral2
  - Sample: SOA_1.xls
  - Resource: win10v2004-20231020-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.imex-logistics.com
- Port: 587
- Username: [email protected]
- Password: IM@2019SHP$
- Email To: [email protected]
Targets
- Target: SOA_1.xls
- Size: 1.2MB
- Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the values listed under General above
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext