General
- Target: invoice overdue.pdf.exe
- Size: 953KB
- Sample: 231115-wcajqaed31
- MD5: 3c288f869290db9a0a736599823e837e
- SHA1: 6ac8d55163b018275e32d7478f12b41926e48268
- SHA256: f112d1e7c8414255846131a14109ae12e45ad65296bd014601d0a83c9ea90cb2
- SHA512: ebf3d226026059c053b5787f293e7d1b7c89c56ebe1ce13d0a43b1c235e73537302b3f9a8d267257f88128a7fff5380a838efc7544e27446ad86e049a6f7e916
- SSDEEP: 12288:/IL5VcLYuPliBSpZAWzpNHP1MBkw9Jj6kKAQQtmxIlL5cjQUgjW9WB/P7r9r/+pj:85Oj1ZAWr4Jj6vA7UIh5cjojEC1q
Static task
- static1
Behavioral task
- behavioral1
  - Sample: invoice overdue.pdf.exe
  - Resource: win7-20231020-en
Behavioral task
- behavioral2
  - Sample: invoice overdue.pdf.exe
  - Resource: win10v2004-20231020-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.bezzleauto.com
- Port: 587
- Username: [email protected]
- Password: kex#-rHjHM4qKk52
- Email To: [email protected]
Targets
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext