General
- Target: Revised PO_2024030122_pdf.7z
- Size: 15KB
- Sample: 240305-k8hdnabc8y
- MD5: b44664608afa42eb31a18e8e79bb783e
- SHA1: 927a021760b5c6992b0c8f1ba2b109517c65bb9f
- SHA256: 275c5642252d7cd2c4a8dd5b80acd3a3b2492d9565cdfa035ffe7d777f4e4c1f
- SHA512: 0b860c2258194bbaaf27988d2332d445da5fce5a6b10d620b6ad550c967e88a68dbe8b1ae7cfb11a9cf9dbfad68ace39e3f230973c501f3efe1ae376dd0cf6e5
- SSDEEP: 384:FsDCQp8LahUnvvUz8UVdx/i2CnGfAAcqvC9LSuaHl0+:FsDCq8Nnaxq2CGfAusFaF0+
Static task: static1
Behavioral task: behavioral1
- Sample: arbejdsommere.vbs
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: arbejdsommere.vbs
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.crane-eletronics.com
- Port: 587
- Username: [email protected]
- Password: peFyHns8
- Email To: [email protected]
Targets
- Target: arbejdsommere.vbs
- Size: 26KB
- MD5: f8577629aeb64e251b9cb1e099e714d0
- SHA1: 5f0a623045c49b2d7ae72bcbd66ada317e4f03e2
- SHA256: 8d506a06bb82e85988a2b5be1e4ec782667ef2b5252f16a46adcc75e92077ef7
- SHA512: 52d6f17ce06caeaa1871a510d323598fe13fb67dacc6d01eb538bf0ad329e37fac28e33e27cf29725c08a3f40fb3a6042df5d6372dbcc499f9e00c932b69479c
- SSDEEP: 768:qaIZCEG9cNFeKAqIqBW2MQK/fFXSiPwKYv:2CJcviqzjOSiPwjv
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext