Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9d176c33ea44de565823c1ae56a0f77556db319dca4453b677ed11adbcbade53
-
Size
684KB
-
Sample
231124-l44xjahf33
-
MD5
bfdbe187b8290a14f28ddb2eb9b38c23
-
SHA1
5362c2ab83a79d002675f251f78971efc8b17a90
-
SHA256
9d176c33ea44de565823c1ae56a0f77556db319dca4453b677ed11adbcbade53
-
SHA512
c10e8dbb7b2f26ba5ce843cb3ab6ed1d1c83be1786fadc16a25b91358f78e0c53f8411116187fe6fdd13fbe52165cce73604c4e98f59e71b4aa531a6071072e2
-
SSDEEP
12288:5E6jD/dzYPbyM+kdGORb3HEuCOcpS27ybVX1XMEbKA0ENz:5tD/EmPjiXZgS27ybPUEN
Static task
static1
Behavioral task
behavioral1
Sample
9d176c33ea44de565823c1ae56a0f77556db319dca4453b677ed11adbcbade53.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
9d176c33ea44de565823c1ae56a0f77556db319dca4453b677ed11adbcbade53.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.goldeneaglelog.com.my - Port:
587 - Username:
[email protected] - Password:
Natikah93 - Email To:
[email protected]
Targets
-
-
Target
9d176c33ea44de565823c1ae56a0f77556db319dca4453b677ed11adbcbade53
-
Size
684KB
-
MD5
bfdbe187b8290a14f28ddb2eb9b38c23
-
SHA1
5362c2ab83a79d002675f251f78971efc8b17a90
-
SHA256
9d176c33ea44de565823c1ae56a0f77556db319dca4453b677ed11adbcbade53
-
SHA512
c10e8dbb7b2f26ba5ce843cb3ab6ed1d1c83be1786fadc16a25b91358f78e0c53f8411116187fe6fdd13fbe52165cce73604c4e98f59e71b4aa531a6071072e2
-
SSDEEP
12288:5E6jD/dzYPbyM+kdGORb3HEuCOcpS27ybVX1XMEbKA0ENz:5tD/EmPjiXZgS27ybPUEN
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-