General
Target: f38eafdd884c8454807dffb00f7642d637e212a65225d212b55c03890588c77b
Size: 354KB
Sample: 231122-nmr8hsca57
MD5: 07342ab8145b8873d7f16d937dee1e5f
SHA1: 76b48b5a9b65fb540444db1bd40ab272340170e9
SHA256: f38eafdd884c8454807dffb00f7642d637e212a65225d212b55c03890588c77b
SHA512: 7418f053add33028343ec8913515a44dfb083db645154c9ca82410786c92cd622ee0520e0328abb367119187e0b332f1815099b9cac7df3d57196a5861edf78e
SSDEEP: 6144:QBlL/Mf7ZfvDwnOREsssuSh2xDcsqznzhs4OUTU1YtbsBbh2ZmKpw:ikF7wnOVR/icskny4OKb2b0JO
Static task: static1
Behavioral task: behavioral1
Sample: f38eafdd884c8454807dffb00f7642d637e212a65225d212b55c03890588c77b.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: f38eafdd884c8454807dffb00f7642d637e212a65225d212b55c03890588c77b.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Protocol: smtp
Host: mail.nmsltd.com.tr
Port: 587
Username: [email protected]
Password: nms190019
Targets
Target: f38eafdd884c8454807dffb00f7642d637e212a65225d212b55c03890588c77b
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext