General
- Target: f77dc4ac075fb75864f974585ca3b393475b0c51330c29d49a98d360969c2442.doc
- Size: 51KB
- Sample: 231121-tlt9dagc4z
- MD5: d0c1b19fa2e32065714d692a75a2e393
- SHA1: e190e2d12d830acdbcbf0f878166132e85969d3c
- SHA256: f77dc4ac075fb75864f974585ca3b393475b0c51330c29d49a98d360969c2442
- SHA512: 07f4893a09b4328389957b1416316f924380de891a9287412ec12a27d7e0d70763041afed52b80e75269b56e8d75a017d05ade9c8c3f25a5e8796906cd529418
- SSDEEP: 768:mwAbZSibMX9gRWje2RtIBtepUi8Hejr2Gbedh28TFP:mwAlRJGIBtTnnh24FP
Static task: static1
Behavioral task: behavioral1
- Sample: f77dc4ac075fb75864f974585ca3b393475b0c51330c29d49a98d360969c2442.rtf
- Resource: win7-20231025-en
Behavioral task: behavioral2
- Sample: f77dc4ac075fb75864f974585ca3b393475b0c51330c29d49a98d360969c2442.rtf
- Resource: win10v2004-20231023-en
Malware Config
Extracted
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
Extracted (agenttesla)
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
Targets
- Target: f77dc4ac075fb75864f974585ca3b393475b0c51330c29d49a98d360969c2442.doc
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext