General
Target: SecuriteInfo.com.Win32.InjectorX-gen.6979.19171.exe
Size: 761KB
Sample: 240201-g52fksfbbl
MD5: 3d8c54bb1e30ac85fb2e4de947704215
SHA1: d9e7c98cdffd52fd779ba4eb7b71382d36635af9
SHA256: b478ff97e82ba8a98a92a5d3bd42c23e73aa8507a6f9943e5aac5edbb092b0c4
SHA512: 6db6a2b7872888a0b4dc352538a582fa152a160dee4acbb16a18f83ce69b234189cd4d8235696ba23a11d5438fcd836e5ad28c4fc89c6787c096972abd228777
SSDEEP: 12288:NNPrd53rD22qi0sw9+6B2V0T/hcJKycoy+Dz9qeLvmXBM5k6x1OfdVTBtVZ0bF+Z:Nx3rDIhr+6B1T/dycJEVvmXBMZx1OFVl
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.InjectorX-gen.6979.19171.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.InjectorX-gen.6979.19171.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.wasstech.com
Port: 587
Username: [email protected]
Password: Sunray2700@@
Email To: [email protected]
The username and password are the attacker's SMTP submission account, used by the stealer to mail collected data to the "Email To" address; treat the host, port and account as exfiltration indicators, not as victim credentials.
Targets
Target: SecuriteInfo.com.Win32.InjectorX-gen.6979.19171.exe
Size: 761KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET / C#); this sample is configured to exfiltrate over SMTP.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Rewrites the context of a thread in another process, typically to redirect the entry point of a suspended process to injected code (process hollowing), which is how the .NET payload gets into a second process.
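The extracted configuration and the "looks up external IP address" behaviour together give a network-side detection. The script below is an added example, not part of the Triage report or of Agent Tesla: it scores egress-log hosts on SMTP submission to the extracted C2 mailbox host (mail.wasstech.com:587), on direct port-587 submission from non-relay hosts, and on an external-IP lookup preceding the C2 connection. The log format, the list of IP-lookup services (the report does not name the one this sample used) and the scoring thresholds are assumptions for the example; the sample log lines are constructed.

```python
"""Egress-log triage built from the Agent Tesla configuration extracted
above (SMTP exfiltration to mail.wasstech.com:587) and the report's
"looks up external IP address via web service" behaviour.

Assumptions made for this example (not part of the Triage report): the
one-event-per-line log format, the list of IP-lookup services, and the
scoring thresholds."""
from dataclasses import dataclass, field
from datetime import datetime

# Taken from the report's extracted config.
C2_SMTP_HOST = "mail.wasstech.com"
C2_SMTP_PORT = 587

# Assumed: commonly abused external-IP lookup services. The report only
# says "a legitimate IP lookup service" and does not name it.
IP_LOOKUP_HOSTS = frozenset({
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ifconfig.me", "checkip.amazonaws.com",
})


@dataclass
class Event:
    ts: datetime
    src: str
    dst_host: str
    dst_port: int


def parse_line(line: str) -> Event:
    """Parse the assumed format '<ISO-8601 ts> <src-host> <dst-host>:<port>'."""
    ts, src, dst = line.split()
    host, port = dst.rsplit(":", 1)
    return Event(datetime.fromisoformat(ts), src, host, int(port))


@dataclass
class HostVerdict:
    score: int = 0
    reasons: list = field(default_factory=list)
    ip_lookups: list = field(default_factory=list)
    c2_smtp: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        if self.score >= 10:
            return "critical"
        if self.score >= 2:
            return "suspicious"
        return "info" if self.score else "clean"


def triage(lines, mail_relays=frozenset()):
    """Score every source host seen in `lines`.

    * SMTP submission to the extracted C2 mailbox host is the strongest
      indicator regardless of which host does it.
    * Port 587 from anything other than an approved relay is suspicious
      on its own: workstations do not normally submit mail directly.
    * An external-IP lookup followed by the C2 SMTP connection from the
      same host matches the collect-then-exfiltrate order in the report.
    """
    verdicts = {}
    for line in lines:
        ev = parse_line(line)
        v = verdicts.setdefault(ev.src, HostVerdict())
        if ev.dst_host in IP_LOOKUP_HOSTS:
            v.ip_lookups.append(ev)
        if ev.dst_host == C2_SMTP_HOST and ev.dst_port == C2_SMTP_PORT:
            v.c2_smtp.append(ev)
        elif ev.dst_port == C2_SMTP_PORT and ev.src not in mail_relays:
            v.score += 2
            v.reasons.append(f"direct SMTP submission to {ev.dst_host}")
    for v in verdicts.values():
        if v.c2_smtp:
            v.score += 10
            v.reasons.append(f"SMTP to extracted C2 {C2_SMTP_HOST}:{C2_SMTP_PORT}")
        if v.ip_lookups:
            v.score += 1
            v.reasons.append("external IP lookup: " + v.ip_lookups[0].dst_host)
        if (v.c2_smtp and v.ip_lookups
                and min(e.ts for e in v.ip_lookups) < max(e.ts for e in v.c2_smtp)):
            v.score += 3
            v.reasons.append("IP lookup preceded C2 SMTP (Agent Tesla collect-then-exfil order)")
    return verdicts


# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2024-02-01T10:00:01 WS-17 api.ipify.org:443",
    "2024-02-01T10:00:03 WS-17 mail.wasstech.com:587",
    "2024-02-01T10:00:05 WS-22 www.example.com:443",
    "2024-02-01T10:01:00 MAIL01 smtp.partner.example:587",
    "2024-02-01T10:02:00 WS-31 icanhazip.com:443",
    "2024-02-01T10:03:00 WS-40 smtp.gmail.com:587",
]

if __name__ == "__main__":
    for host, v in triage(SAMPLE_LOG, mail_relays={"MAIL01"}).items():
        print(f"{host:8} {v.severity:10} score={v.score:2} {'; '.join(v.reasons)}")
```

On the constructed log, WS-17 is scored critical (C2 host plus the preceding IP lookup), WS-40 suspicious (a workstation submitting mail directly), WS-31 info (lookup only) and MAIL01 clean because it is on the relay allow-list. Passing the extracted host and port is what turns the generic "port 587 from a workstation" rule into a confirmed match for this sample.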