General
Target: fd9ebeb1a490beb5b7506694a049f75b6cb75b684309609e0ecc3b1bc991c3e3
Size: 442KB
Sample: 231113-wevbxaeg78
MD5: baa627598acd62ccd0faa139168ae985
SHA1: 29633b9fd80ebd0172c0294cdeb99800b4f55e86
SHA256: fd9ebeb1a490beb5b7506694a049f75b6cb75b684309609e0ecc3b1bc991c3e3
SHA512: e900af7686efdd44d0e1560397c01a40cbf9b4b4dcc65983a7203d203f7a19a043db3172194b0e392bc005496a93c5cf426cbc837256ed32a2be4f05b90d410a
SSDEEP: 12288:ZuljUGmTXpfooJPCI+pcDcOaGcN9CMaMrpDHD:ZuoGmTZfo0/FxbcN9I8FHD
Static task: static1

Behavioral task: behavioral1
Sample: Deposit slip.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: Deposit slip.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.experthvac.ro
Port: 21
Username: [email protected]
Password: -8{jszMOY*Z8(~Za0#jyP%o7VoB.0)kk^)7_
Targets
Target: Deposit slip.exe
Size: 590KB
MD5: f9d8800ecf0986599a5893c5573591e3
SHA1: 95a51eb6fd997203997da56a5aa501683d0a5738
SHA256: ea258ad70d4927bf512f93e2a2f0f1c523cf93c2473b212646dd939304a2f37a
SHA512: f4dc8c22e3cc93d7b9061c40cb5aed72d6a43ff0c574900fbb912acc871a18ef12a8248a51afb0c27b921b1b735fbc2c0f6a787596a64d76bf477abb4535df17
SSDEEP: 12288:1l9fmTXpfCEJzCI+poDcOa9OHOp0UHUpIPEGWQVZ:BmT5fC2/rxae2EG5

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext