General
Target: 4c36d139fa9df02b0ca10337dcdc5f0c781aeb299b98126fc63db2e667bff057
Size: 206KB
Sample: 240201-ccc53aagdm
MD5: 5dabea67aad7dcc99802e3a4a02f68ad
SHA1: 47999ee4b6bb2fd397a93a4b9d34b0d714a05fd6
SHA256: 4c36d139fa9df02b0ca10337dcdc5f0c781aeb299b98126fc63db2e667bff057
SHA512: d94c61562a227a7bc68d909f4bed818e5318c4d97faed4646fb8a9edad78373695d597559e7b1920a15215fc12242dd286c1d86b375b961abfc8cf9ad830fc42
SSDEEP: 3072:UdSf2JsfZu1RYPaqKy+P5KV8e2iVvA9HT+Xrlmh:rhDhD+PYye2iiHKrlm
Static task: static1
Behavioral task: behavioral1
Sample: 202401310009.exe
Resource: win7-20231215-en
Malware Config
Extracted
Protocol: smtp
Host: mail.ozmetalsan.com.tr
Port: 587
Username: [email protected]
Password: ikircicek4521

Extracted
Family: agenttesla
Protocol: smtp
Host: mail.ozmetalsan.com.tr
Port: 587
Username: [email protected]
Password: ikircicek4521
Email To: [email protected]
Targets
Target: 202401310009.exe
Size: 156KB
MD5: 0073882408ccaeaa4c77889b22c5546c
SHA1: 97f7176f986536ba6b16a2e59e699884a446d27a
SHA256: 17e2ea8ea355babc49d0b0f4a16aaffa3e7e3e97171668205247e16d8e5eb5b8
SHA512: 752ea528b877d92dc88c165e80f4f7add2864f2bdf6f5e96bbcf04a9adf13ca092cf93271cd25083cb033d26b884a3f1fd5e030c7f56b22277cfbae85173f2d9
SSDEEP: 3072:6dSf2JsfZu1RYPaqKy+P5KV8e2iVvA9HT+Xrlmh:JhDhD+PYye2iiHKrlm
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext