Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEAS.a3dddc51a8682f5f59d14b73f3f6298a3e42100adaa35f5f923f30d972522b3e.exe
-
Size
336KB
-
Sample
231106-2wfsqsga8x
-
MD5
576ea37ddee70b9062761e4bcc0c6a64
-
SHA1
7b330ac4a57fd4d6814fce3fa732d019f7b0d99d
-
SHA256
a3dddc51a8682f5f59d14b73f3f6298a3e42100adaa35f5f923f30d972522b3e
-
SHA512
51e9d658c5ef86e32e189c71ff26520d1b913180f027f1e62fe49639bbcac2de6b3f283e346e13272c4a972ca3ef295bdcf757156d6252778a5d9fac9ed16962
-
SSDEEP
3072:nDKW1LgppLRHMY0TBfJvjcTp5XQpv8sTfoQWN7qRp+Q48:nDKW1Lgbdl0TBBvjc/Qa2NCqm
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.a3dddc51a8682f5f59d14b73f3f6298a3e42100adaa35f5f923f30d972522b3e.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.a3dddc51a8682f5f59d14b73f3f6298a3e42100adaa35f5f923f30d972522b3e.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.bretoffice.com - Port:
587 - Username:
[email protected] - Password:
OBah2m2U8LdU
Extracted
agenttesla
Protocol: smtp- Host:
mail.bretoffice.com - Port:
587 - Username:
[email protected] - Password:
OBah2m2U8LdU - Email To:
[email protected]
Targets
-
-
Target
NEAS.a3dddc51a8682f5f59d14b73f3f6298a3e42100adaa35f5f923f30d972522b3e.exe
-
Size
336KB
-
MD5
576ea37ddee70b9062761e4bcc0c6a64
-
SHA1
7b330ac4a57fd4d6814fce3fa732d019f7b0d99d
-
SHA256
a3dddc51a8682f5f59d14b73f3f6298a3e42100adaa35f5f923f30d972522b3e
-
SHA512
51e9d658c5ef86e32e189c71ff26520d1b913180f027f1e62fe49639bbcac2de6b3f283e346e13272c4a972ca3ef295bdcf757156d6252778a5d9fac9ed16962
-
SSDEEP
3072:nDKW1LgppLRHMY0TBfJvjcTp5XQpv8sTfoQWN7qRp+Q48:nDKW1Lgbdl0TBBvjc/Qa2NCqm
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-