General
- Target: d43aabb445ebb4aed4c3ecd11803c5691bb27e574dff608290582e1f57692e19.exe
- Size: 246KB
- Sample: 240304-qy43kacf67
- MD5: 2b14cb0e21283c1f18c566f94f66f1bb
- SHA1: 76318c348cb53008300bf82271f1e7ea57391a21
- SHA256: d43aabb445ebb4aed4c3ecd11803c5691bb27e574dff608290582e1f57692e19
- SHA512: ec36b0a6cf18b0521ea068f69fa706855458065c1349c03f4d526615656db9d4d1b49a9dc28c312e58c3667d1e55839db6ac0a54790a7d762b13c7b8ff8120c4
- SSDEEP: 3072:FSCHHXX3HGhgK5IOf7SILUJCQ75VWo2aZIV82:FJHXX3HGhgK5h6CQeo2n
Behavioral task: behavioral1
- Sample: d43aabb445ebb4aed4c3ecd11803c5691bb27e574dff608290582e1f57692e19.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: d43aabb445ebb4aed4c3ecd11803c5691bb27e574dff608290582e1f57692e19.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.regs-adnocae.com
- Port: 587
- Username: [email protected]
- Password: LCxt8+!#W9Uw
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.regs-adnocae.com
- Port: 587
- Username: [email protected]
- Password: LCxt8+!#W9Uw
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.