General
- Target: bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd.zip
- Size: 1.4MB
- Sample: 231119-3t3p6ade7z
- MD5: b2b323429c49a2a8e5c30ea25a6e9ccb
- SHA1: 7d785b4a18e8285cb730804c198ff5f8d6d53de6
- SHA256: e2f665440fa0644cb1a53b447598fd29e719eb62a5bea5951576abcef646f016
- SHA512: 557a65fdcbef00e40af556d150aff5dda16bc822ecdba11a1b7eeb66b01717431299b03298b8a1f5029771caca1318db73a2e379e6587c7f01a044b43313c215
- SSDEEP: 24576:BmkZ+mcWNclxv+0kuWBEXhOsno7fYAQB/Doo5DShS1qMcl60JUuaxO508zDCIOek:BmJmc8ix50UAIv4h21DJ86/
Static task
- static1

Behavioral task
- behavioral1
  - Sample: bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd.exe
  - Resource: win7-20231020-en

Behavioral task
- behavioral2
  - Sample: bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd.exe
  - Resource: win10v2004-20231020-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.elec-qatar.com
- Port: 587
- Username: [email protected]
- Password: MHabrar2019@#
- Email To: [email protected]
Targets
- Target: bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd.exe
- Size: 1.9MB
- MD5: e0bcb417f88eb3763db1da03853375e1
- SHA1: 3a4dafbaacf7127a7bd55a20346d9c857e01b5f2
- SHA256: bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd
- SHA512: b718af048706bf1b66ba69b429376702fb59dc03055ce22a10821509f80ba2beddae176a7234cf97ec7265a8a9f97b2ccc61ee4b11b086054799275549b7a1d5
- SSDEEP: 49152:sPKSQTERAQO3i2X9QfDjii+ZoEpNJHXXXS:MKSQTvmfvI5Xy
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext