Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NewOrder.exe
-
Size
735KB
-
Sample
231120-hwcxasfa8t
-
MD5
422bfd2d85dd5bee8004526fa012df6a
-
SHA1
0b06633d868e7fcf22d0532d2bf97f40a61ffe73
-
SHA256
e49df0f66eb42b10494df1c1c8518fe9ab49b30df38b148c2158149d52a11b91
-
SHA512
fe5b82b7769fa3afb8d3617aab515be587d14637da26a1ddaf449fb48123e9d0a46399011498d224d84033c78ebab9727688c7a7a07d4cb23a94b8caa9657a16
-
SSDEEP
12288:vjN61h61EWGy6ZbRjXUtxX7LXM3Q7H4C/6GhuOTNLItGvB+WGe35dM5mbp7z2atS:gY7GDZoX7LXCQ7H4o6GhJXBZ2
Static task
static1
Behavioral task
behavioral1
Sample
NewOrder.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NewOrder.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.globalifb.com - Port:
587 - Username:
[email protected] - Password:
$;oGh3?)CQiY - Email To:
[email protected]
Targets
-
-
Target
NewOrder.exe
-
Size
735KB
-
MD5
422bfd2d85dd5bee8004526fa012df6a
-
SHA1
0b06633d868e7fcf22d0532d2bf97f40a61ffe73
-
SHA256
e49df0f66eb42b10494df1c1c8518fe9ab49b30df38b148c2158149d52a11b91
-
SHA512
fe5b82b7769fa3afb8d3617aab515be587d14637da26a1ddaf449fb48123e9d0a46399011498d224d84033c78ebab9727688c7a7a07d4cb23a94b8caa9657a16
-
SSDEEP
12288:vjN61h61EWGy6ZbRjXUtxX7LXM3Q7H4C/6GhuOTNLItGvB+WGe35dM5mbp7z2atS:gY7GDZoX7LXCQ7H4o6GhJXBZ2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-