Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
52216cbf421b17963f4c4f9b9dedd228
-
Size
803KB
-
Sample
231226-eg2qbsadfk
-
MD5
52216cbf421b17963f4c4f9b9dedd228
-
SHA1
3478e3a82560a9cf8d65d2e49eb6564323145326
-
SHA256
606e2c0a9645a0537329503d77824f84c84bc0f06a614806714dcc1b2603bbf2
-
SHA512
6d3b7a0972ee98db7a3f9fba37eae29f898ea41c536bda717a37eef4352340beab6276acfa074f31f2c464402e2ed72c6946f1ca0c81fefaca0faa30c556cdd2
-
SSDEEP
24576:HyheDNVn2MN4enJW7uVjSIFxC1BkqZUk7r:Su2MNdFs
Static task
static1
Behavioral task
behavioral1
Sample
ORDEN DE COMPRA.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ORDEN DE COMPRA.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
romeovm2015
Targets
-
-
Target
ORDEN DE COMPRA.exe
-
Size
893KB
-
MD5
83f87a4734849d17938d841c91ee53c6
-
SHA1
06950782e923a1fc76dcb8c590580b58a2eb4c2f
-
SHA256
b822f0fdc5aac44af623c0fe224fca6af76feac6f2bccb59ab15cfcdaa7bfe0f
-
SHA512
ae947be1864ab0ed1a09a947c71a1f872ee5ecfcccf0fbbceba1da2287ff885a1df1bd5844b219cbccd821d95f3dd25d7ec5ba51267585d62bb9ab6fc737428a
-
SSDEEP
12288:ALNphggghCLV2GecUowJVNaU67hB/6Vj3Fh1JKWd+WMcsDwky7Dz71pP7mo5oFC4:UNphggZVDgNavhxohe6XF7mo5oFCEkv
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-