General
- Target: f9db3611cd148475f633fc31ce450436d498d09765fbe1d8969abace77962f80.exe
- Size: 236KB
- Sample: 240304-qy5dbscf73
- MD5: cf05bd363a4cc9d3757bbe9fbc10f8f2
- SHA1: 656169fd1eeb9285eb26ec3b92e1db75349b65f8
- SHA256: f9db3611cd148475f633fc31ce450436d498d09765fbe1d8969abace77962f80
- SHA512: 0708776466660c384b16d49f04521b73b160ade1c4f6d863a8915b94d2b2d4d58e316b0b4f97e2a3d67f8c5d18d7667dc542a87e5e9a01b8aa7da929ddef0105
- SSDEEP: 3072:jf/ocxyVjXdE+kk0kkqSwcdSFETQWxrfeIpb5/PyDNP/L:jfbxyVjXdE+kk0kkqSwTeTQKrfeOtyh
Behavioral task: behavioral1
- Sample: f9db3611cd148475f633fc31ce450436d498d09765fbe1d8969abace77962f80.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f9db3611cd148475f633fc31ce450436d498d09765fbe1d8969abace77962f80.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.scorpionlogistics.qa
- Port: 587
- Username: [email protected]
- Password: jdtg7pzxsp
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.scorpionlogistics.qa
- Port: 587
- Username: [email protected]
- Password: jdtg7pzxsp
Targets
- Target: f9db3611cd148475f633fc31ce450436d498d09765fbe1d8969abace77962f80.exe
- Size: 236KB
- MD5: cf05bd363a4cc9d3757bbe9fbc10f8f2
- SHA1: 656169fd1eeb9285eb26ec3b92e1db75349b65f8
- SHA256: f9db3611cd148475f633fc31ce450436d498d09765fbe1d8969abace77962f80
- SHA512: 0708776466660c384b16d49f04521b73b160ade1c4f6d863a8915b94d2b2d4d58e316b0b4f97e2a3d67f8c5d18d7667dc542a87e5e9a01b8aa7da929ddef0105
- SSDEEP: 3072:jf/ocxyVjXdE+kk0kkqSwcdSFETQWxrfeIpb5/PyDNP/L:jfbxyVjXdE+kk0kkqSwTeTQKrfeOtyh
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.