General
Target: 02a409733c223599defec67dad21f76ae46821bc83e4d9726ee203870dcc3105.exe
Size: 1.0MB
Sample: 240229-fs92hsed56
MD5: 852bc2cdc32032cdaffc6e416f575382
SHA1: 3a758f73fbc5bdbce2aaea3d53f3049106c4c1ba
SHA256: 02a409733c223599defec67dad21f76ae46821bc83e4d9726ee203870dcc3105
SHA512: 30b3fddb2c1db19a9448c12fff117451e90a3adb29193b77d0e702978ca3d2f2dab7ce8d216adc7897c9e2117ba36b109b9dd168a66ef148b330b9ac429dab62
SSDEEP: 24576:rtb20pkaCqT5TBWgNQ7agocS0JK/+f9d6A:oVg5tQ7agXHUe5
Static task: static1
Behavioral task: behavioral1
Sample: 02a409733c223599defec67dad21f76ae46821bc83e4d9726ee203870dcc3105.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 02a409733c223599defec67dad21f76ae46821bc83e4d9726ee203870dcc3105.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: rwe87$%21q
Email To: [email protected]
Targets
Target
02a409733c223599defec67dad21f76ae46821bc83e4d9726ee203870dcc3105.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-