General
- Target: Tracking#INV-IV1905-029.exe
- Size: 681KB
- Sample: 231127-vs55wsaf73
- MD5: 828636842c69b4e453f5735e77c89d36
- SHA1: b1c928ed1f9926fc64cee98be211a5e77c9551b5
- SHA256: 1d2add4e6e6f86f45aa1a4b75c32e4efbf43bc117cc5b3a3927b4e548cf2732c
- SHA512: 64b8f4ad28fd005936898e4fc244c8acab8257e04a033459a8b463fb5171a814ab20c7d5933577ef10562b8adba35eb4addd1060d1f18ce5448cfeec32cdfeb8
- SSDEEP: 12288:OaiOid7BR6wTuHfH7eXkhH2iRr2nILMUrniYqW3WbKLrcPwp9euwjz8lIc2pvBpV:O1OipB+H+yR8VDvW3/cPwL3wj+i5pDmv
Static task
- static1
Behavioral task
- behavioral1 (Sample: Tracking#INV-IV1905-029.exe; Resource: win7-20231020-en)
Behavioral task
- behavioral2 (Sample: Tracking#INV-IV1905-029.exe; Resource: win10v2004-20231023-en)
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: www.premier-bkk.com
- Port: 587
- Username: [email protected]
- Password: R2USmt6P
- Email To: [email protected]
Targets
- Target: Tracking#INV-IV1905-029.exe
- Size: 681KB
- Hashes: identical to those listed under General
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext