Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf
-
Size
799KB
-
Sample
231125-dgbngagh2x
-
MD5
8fb6d1e2ee67f07c2119e2ad77298b8d
-
SHA1
f8e6d4e53c48f1e155d975dbe9b8788438ab2eff
-
SHA256
7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf
-
SHA512
e40e7de8cf6d39a4e2d5e0eda17ddfd8c5031bcf2d582e448867af8ebeb9153610aa21c8cdeaa3aeb2ec1854b9ba4a0b4709c769fbb4109381deb65e29620a75
-
SSDEEP
12288:x+HvqbycatMvDITcpGIm/RarlLhFeP68lK4ENzJu:xckyp2vDITAnrlLhcS2ENJu
Static task
static1
Behavioral task
behavioral1
Sample
7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6307340152:AAHeYN4antwLhSrldvdRuauawQUNIq8sZ1w/
Targets
-
-
Target
7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf
-
Size
799KB
-
MD5
8fb6d1e2ee67f07c2119e2ad77298b8d
-
SHA1
f8e6d4e53c48f1e155d975dbe9b8788438ab2eff
-
SHA256
7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf
-
SHA512
e40e7de8cf6d39a4e2d5e0eda17ddfd8c5031bcf2d582e448867af8ebeb9153610aa21c8cdeaa3aeb2ec1854b9ba4a0b4709c769fbb4109381deb65e29620a75
-
SSDEEP
12288:x+HvqbycatMvDITcpGIm/RarlLhFeP68lK4ENzJu:xckyp2vDITAnrlLhcS2ENJu
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-