Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PO #1131011152-2024-Order,pdf.exe
-
Size
28KB
-
Sample
240221-qpjp9sge27
-
MD5
9e9bbdca2a035d2e5503d1c180fc5695
-
SHA1
f0a89a2568f653a5a66f71640a26da2f3553acce
-
SHA256
096a3baa4ba3d03b673524a281f63fa16e15a7880e5174a8679db9193eb48a75
-
SHA512
9ed9b1c9bc6e6ba2b61afc4faf35a3d75d258456d14ef03b06d269ec3895267c5e2703a9f4f9dbcbc29ff3cbcee0d3734a946b3281912afb27586dcff2505d68
-
SSDEEP
384:AndtRcWJiFCzBQYD84eaFs9whv1gNVwPdFQH4P4A/QO6zK8NTc81HVu+zPZ/9Dwv:QAFEBQYA5XK6ezQH28lpVfzP5dwv
Static task
static1
Behavioral task
behavioral1
Sample
PO #1131011152-2024-Order,pdf.exe
Resource
win7-20240220-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.ionos.com - Port:
587 - Username:
[email protected] - Password:
S@fetyServicesGr0up
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ionos.com - Port:
587 - Username:
[email protected] - Password:
S@fetyServicesGr0up - Email To:
[email protected]
Targets
-
-
Target
PO #1131011152-2024-Order,pdf.exe
-
Size
28KB
-
MD5
9e9bbdca2a035d2e5503d1c180fc5695
-
SHA1
f0a89a2568f653a5a66f71640a26da2f3553acce
-
SHA256
096a3baa4ba3d03b673524a281f63fa16e15a7880e5174a8679db9193eb48a75
-
SHA512
9ed9b1c9bc6e6ba2b61afc4faf35a3d75d258456d14ef03b06d269ec3895267c5e2703a9f4f9dbcbc29ff3cbcee0d3734a946b3281912afb27586dcff2505d68
-
SSDEEP
384:AndtRcWJiFCzBQYD84eaFs9whv1gNVwPdFQH4P4A/QO6zK8NTc81HVu+zPZ/9Dwv:QAFEBQYA5XK6ezQH28lpVfzP5dwv
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Contacts a large (4217) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-