Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
rPO-4500628950_pdf.exe
-
Size
1.2MB
-
Sample
240126-tgj8lshce5
-
MD5
a7349364523f7f3637a6665497532953
-
SHA1
8912b64beaa943700b80b20da8cc62e11edb0ba2
-
SHA256
e5b2ac7f9314971e967c9c606b75dfb9766442b1dac9b9bd5fb7f5c848d5ff6b
-
SHA512
5b6b1c042281e39acdaaeeabe2b1dc6e86e445341a3cec126665d4ee2e8fc3612daaf85c2ebde09814ef3aa5417ad6b1e8c43a6f1fb8bded4dbc84548395ad6d
-
SSDEEP
24576:AAHnh+eWsN3skA4RV1Hom2KXMmHaJJHk0WmknMlg+vu5:3h+ZkldoPK8YaJJHnWWgt
Static task
static1
Behavioral task
behavioral1
Sample
rPO-4500628950_pdf.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
rPO-4500628950_pdf.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.elquijotebanquetes.com - Port:
21 - Username:
[email protected] - Password:
kFxADjwNBm$_
Targets
-
-
Target
rPO-4500628950_pdf.exe
-
Size
1.2MB
-
MD5
a7349364523f7f3637a6665497532953
-
SHA1
8912b64beaa943700b80b20da8cc62e11edb0ba2
-
SHA256
e5b2ac7f9314971e967c9c606b75dfb9766442b1dac9b9bd5fb7f5c848d5ff6b
-
SHA512
5b6b1c042281e39acdaaeeabe2b1dc6e86e445341a3cec126665d4ee2e8fc3612daaf85c2ebde09814ef3aa5417ad6b1e8c43a6f1fb8bded4dbc84548395ad6d
-
SSDEEP
24576:AAHnh+eWsN3skA4RV1Hom2KXMmHaJJHk0WmknMlg+vu5:3h+ZkldoPK8YaJJHnWWgt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-