General
Target: 2e84ff9971ebc6427d9e916d9dabb727.bin
Size: 1KB
Sample: 240212-b5qq7aeg8v
MD5: 3b9c8fcf0d957a74a318a582d8a2386a
SHA1: 0317abf7efdb24e38614a06b992a7d3a43139572
SHA256: 194e39ac780ea074d02b4faa0a261f3bbf4d01bdf038a85b657b4be166108ee1
SHA512: 828b51d334f62514097abbce205a22b4d4826977860a8a41c105cd538a7a9d4b4094c94230f610617274493683cd99f6d6d389e1a977e72ccad2eca62c58ea64
Static task: static1
Behavioral task: behavioral1
  Sample: f4691cad5e54ee1d239725e5d2ae270a3ab1e6ffec22bc5fe93d42756d78861e.vbs
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: f4691cad5e54ee1d239725e5d2ae270a3ab1e6ffec22bc5fe93d42756d78861e.vbs
  Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.tvixcs.top
  Port: 587
  Username: [email protected]
  Password: Alllenjeff4@XX
  Email To: [email protected]
Targets
Target: f4691cad5e54ee1d239725e5d2ae270a3ab1e6ffec22bc5fe93d42756d78861e.vbs
Size: 2KB
MD5: 2e84ff9971ebc6427d9e916d9dabb727
SHA1: 2cff9666dad3cf3afbfa379718f31081fb1ed57a
SHA256: f4691cad5e54ee1d239725e5d2ae270a3ab1e6ffec22bc5fe93d42756d78861e
SHA512: 1224ec9e4dfa00fb6c8ccd8cac0d775e883a2228a2cb34ed2b394bd6716f43b964820a69a8cc56f086372740bda283ad5d69a1e5f312b60de97de3106c9da922
Score: 10/10
Signatures:
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Blocklisted process makes network request
Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext