General
- Target: 1f64a1fccb2ccf2a7b3b8bd3fd40b3c3
- Size: 1.1MB
- Sample: 231225-bh97bafhbr
- MD5: 1f64a1fccb2ccf2a7b3b8bd3fd40b3c3
- SHA1: abf690443bf75433e86c565cc7c0ffb3ee56d67c
- SHA256: 1fbfc85cb0739606eda3aa7ee754fd438ad9b24c4d674dac6db8864de954ef62
- SHA512: 93e8fc26e969753a9f5c8799aa3a9a79a719cce655fc91c4f344a8cba9dc32537583574dcac55213177d8bbfdc6a6ed23a604b1406c4d4ad79ea9a124277ac4b
- SSDEEP: 12288:9zlh2ZZpCKmnA8ebZj5/dDXPUAvoZnW5lHH4Qsex0XAByK9dbIMXVXN1edOO4ADs:Z29mnA8IZj5/dDlkWf494cg59rrKx4
Tasks
- Static task: static1
- Behavioral task behavioral1: sample 1f64a1fccb2ccf2a7b3b8bd3fd40b3c3.exe, resource win7-20231215-en
- Behavioral task behavioral2: sample 1f64a1fccb2ccf2a7b3b8bd3fd40b3c3.exe, resource win10v2004-20231215-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: @#yandel@>20$
Extracted (agenttesla)
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: @#yandel@>20$
Targets
- Target: 1f64a1fccb2ccf2a7b3b8bd3fd40b3c3 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- CustAttr .NET packer: detects the CustAttr .NET packer in memory.
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext