General
-
Target
032a15d1750e8e2208aece67bc3e54d1f28526978e703376750a6fa1e096fde1
-
Size
1.1MB
-
Sample
231115-q2accscd4w
-
MD5
0b3b1594947f8215107cad89322085c9
-
SHA1
4354ca509f86c6fc86f3b1eaac8cb4292a4719d6
-
SHA256
032a15d1750e8e2208aece67bc3e54d1f28526978e703376750a6fa1e096fde1
-
SHA512
d21d660a1ceb52221e64c25ae8628a22755408140399a8cce8533f1c8e3f232de0239435f9e5633e51fecd7e61fa74012a824555115715d4e91f2eb0fd5ecb63
-
SSDEEP
12288:NjOJofxt7J0RXKwpWm1ETuwoU4sFgvXvHj8jfyMC/xyXLLByfTS7nnBFcXxKFDK+:J822RXKwppEySsx7gnB2Qnc
Static task
static1
Behavioral task
behavioral1
Sample
032a15d1750e8e2208aece67bc3e54d1f28526978e703376750a6fa1e096fde1.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
032a15d1750e8e2208aece67bc3e54d1f28526978e703376750a6fa1e096fde1.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.corpcarnica.com
Port: 587
Username: [email protected]
Password: AnzBal159@?
Targets
-
-
Target
032a15d1750e8e2208aece67bc3e54d1f28526978e703376750a6fa1e096fde1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-