General
- Target: 6,992,227 USD SWIFT.z
- Size: 720KB
- Sample: 240223-jn15lade5t
- MD5: e8f281bec691df92e0b274bda48a9023
- SHA1: 8c95b511461e3fc31d02339ccaa5842676359970
- SHA256: 58ea08f23802ebf24469ecb15cfed7c0158ca8254863ce93bb3b5a58646170e0
- SHA512: 5721306f332aa975c9e2c2b800b7cb5d9b1ede8494269514300ed47162b9faec64876f72f14f3ac42a415ce7ea4ee0c72988c409f24d9e54f846eaeb6486932d
- SSDEEP: 12288:IlW3/mzBh35wwzAPV2Krnt+aq+2sXWlVEovGpv2wa0uNqEjzt3X2OkR:8B3zZatZ2RVXeG9HBu
Static task
- static1
Behavioral task
- behavioral1
  Sample: 6,992,227 USD SWIFT.exe
  Resource: win7-20240220-en
Behavioral task
- behavioral2
  Sample: 6,992,227 USD SWIFT.exe
  Resource: win10v2004-20240221-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.mayedasselectromech.com
- Port: 587
- Username: [email protected]
- Password: India@2014
- Email To: [email protected]
Targets
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext