Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ORDER 00.doc
-
Size
227KB
-
Sample
231101-pz7peagd31
-
MD5
5483c4d5bd2f86ae17a02583ca1264c1
-
SHA1
2fe0ad2983ee1f8a71aca5727c65d3ae9e54fdc8
-
SHA256
0352d3068460a1f9e366d76d3bc508449f0fceaf5a73a45e821cf11ba38bf6bf
-
SHA512
b2cdff776ee97ae2afbbf8aeb553e08a26e7170a78642fbb51d653168f62e295b4d8ac763fab539640fcbff6ee5be2e477c1074b2757b89edd6fcc5006cb5b54
-
SSDEEP
768:gwAbZSibMX9gRWj75vSln/16AiMqcho7tdn6MRwlz07ftrLI0:gwAlRIvSln/6Mlho7tdn6Xlz0TtrLI0
Static task
static1
Behavioral task
behavioral1
Sample
ORDER 00.rtf
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
ORDER 00.rtf
Resource
win10v2004-20231023-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@ - Email To:
[email protected]
Targets
-
-
Target
ORDER 00.doc
-
Size
227KB
-
MD5
5483c4d5bd2f86ae17a02583ca1264c1
-
SHA1
2fe0ad2983ee1f8a71aca5727c65d3ae9e54fdc8
-
SHA256
0352d3068460a1f9e366d76d3bc508449f0fceaf5a73a45e821cf11ba38bf6bf
-
SHA512
b2cdff776ee97ae2afbbf8aeb553e08a26e7170a78642fbb51d653168f62e295b4d8ac763fab539640fcbff6ee5be2e477c1074b2757b89edd6fcc5006cb5b54
-
SSDEEP
768:gwAbZSibMX9gRWj75vSln/16AiMqcho7tdn6MRwlz07ftrLI0:gwAlRIvSln/6Mlho7tdn6Xlz0TtrLI0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-