General
Target: 6ebea473523c44132e5e5a30bedb1a43.bin
Size: 657KB
Sample: 231102-chal5aha53
MD5: 37770ffdb75c067a44152b828653ea5c
SHA1: 01f07c55b5bb91557f5a007c843e24517ce5a16a
SHA256: 557eee365f920a187a791f1d8ea2c335b4b29b483d584508f7177428f7da7b31
SHA512: 726181223179fdbbe12a18ca59b481b08811d2ccc26fd367a186b229ecdd6fcdbc533899abf6260c939b23b60c810a979222f9ed440b69456c758d61cc12a27e
SSDEEP: 12288:GWrHLanWLcl6dUlJBb0R8uZPveCNgFlL+pduyBpjLgrntE3QGzp994i:GWrHLa6clXlJBb0iuhN93pIrn633L94i
Static task: static1
Behavioral task: behavioral1
  Sample: 6e158f16f07e8ff0704f797423eee56096fa51306fa8e74ae0034559f9cbe81c.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: 6e158f16f07e8ff0704f797423eee56096fa51306fa8e74ae0034559f9cbe81c.exe
  Resource: win10v2004-20231023-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.mediaexpert.dz
  Port: 587
  Username: [email protected]
  Password: Ayola@123
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.mediaexpert.dz
  Port: 587
  Username: [email protected]
  Password: Ayola@123
Targets
Target: 6e158f16f07e8ff0704f797423eee56096fa51306fa8e74ae0034559f9cbe81c.exe
Size: 850KB
MD5: 6ebea473523c44132e5e5a30bedb1a43
SHA1: b9777c487d43c43cf0a46b104f2912d7f6207f1b
SHA256: 6e158f16f07e8ff0704f797423eee56096fa51306fa8e74ae0034559f9cbe81c
SHA512: 7a016e64a52dae54712ccb40ad39c308715060894097ace857b272c32e996c8fb7c0135f1beaa791976fcae27eb73d5a6dbc74b9470c9e42210c3040e6ebda90
SSDEEP: 12288:9XWvpnJ0UQAq0PO5ECGoNw5BvrpBlbL6n3POr5y9W8Di0mXtSC:9IJ0Sq0mC9hBvrtbLEyeHDjmXc
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext