Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
72206ef3ffece5fca5dba4182cc13dab225d80896d1702163265614dd17ecf1a
-
Size
705KB
-
Sample
240220-cc95sshg44
-
MD5
8ecbb2c7f6a96c777b9c1006de504489
-
SHA1
89c724cba92a147adacc47db58d2d6ab56e4d9b4
-
SHA256
72206ef3ffece5fca5dba4182cc13dab225d80896d1702163265614dd17ecf1a
-
SHA512
276f142028f03e51efd840ee85824fd0583737b67c0c8e0b92fe9d70f89555e06bf3414c24feeafb0a5179214e0384fb908257af0be2b6f7352391b592678388
-
SSDEEP
12288:6JdKUSmPwRYnOELz89Lc/OiG+kNajkdzVQO6hdFZd+SlJa+wlXthAGR83Gv4R+DS:wdKUSmP0Y74Q/OnACqbdFX+eaXjCGR88
Static task
static1
Behavioral task
behavioral1
Sample
72206ef3ffece5fca5dba4182cc13dab225d80896d1702163265614dd17ecf1a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
72206ef3ffece5fca5dba4182cc13dab225d80896d1702163265614dd17ecf1a.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.ssipae.com - Port:
587 - Username:
[email protected] - Password:
Kamikase333
Extracted
agenttesla
Protocol: smtp- Host:
mail.ssipae.com - Port:
587 - Username:
[email protected] - Password:
Kamikase333 - Email To:
[email protected]
Targets
-
-
Target
72206ef3ffece5fca5dba4182cc13dab225d80896d1702163265614dd17ecf1a
-
Size
705KB
-
MD5
8ecbb2c7f6a96c777b9c1006de504489
-
SHA1
89c724cba92a147adacc47db58d2d6ab56e4d9b4
-
SHA256
72206ef3ffece5fca5dba4182cc13dab225d80896d1702163265614dd17ecf1a
-
SHA512
276f142028f03e51efd840ee85824fd0583737b67c0c8e0b92fe9d70f89555e06bf3414c24feeafb0a5179214e0384fb908257af0be2b6f7352391b592678388
-
SSDEEP
12288:6JdKUSmPwRYnOELz89Lc/OiG+kNajkdzVQO6hdFZd+SlJa+wlXthAGR83Gv4R+DS:wdKUSmP0Y74Q/OnACqbdFX+eaXjCGR88
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-