Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c
-
Size
167KB
-
Sample
240308-ca7a5adb3y
-
MD5
023a380d41ff5da1d2e505f3028c2733
-
SHA1
4db196075040aef5e5bcd8aa2e567e4fbd8a59a0
-
SHA256
a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c
-
SHA512
ed474270274370789988e7aea9adfdc9b430882d603f5adee9a5d8efa72fe1c0505dc5c90e60642725c10b640d635b3615f20112913b0d5b6a0ee14db22e1cef
-
SSDEEP
3072:yxyZgu92s76Mzb9QOosKerONy0w8AJT7GmCMY7pdkW:yxsgu92s7LzVhVrONy0wro
Static task
static1
Behavioral task
behavioral1
Sample
a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.normagroup.com.tr - Port:
21 - Username:
[email protected] - Password:
$%M4,p)]vd1=
Extracted
Protocol: ftp- Host:
ftp.normagroup.com.tr - Port:
21 - Username:
[email protected] - Password:
$%M4,p)]vd1=
Targets
-
-
Target
a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c
-
Size
167KB
-
MD5
023a380d41ff5da1d2e505f3028c2733
-
SHA1
4db196075040aef5e5bcd8aa2e567e4fbd8a59a0
-
SHA256
a259f2efb80812c46d9dbc0289929a5973639e8acd4d5a8379a771c3d9fcd98c
-
SHA512
ed474270274370789988e7aea9adfdc9b430882d603f5adee9a5d8efa72fe1c0505dc5c90e60642725c10b640d635b3615f20112913b0d5b6a0ee14db22e1cef
-
SSDEEP
3072:yxyZgu92s76Mzb9QOosKerONy0w8AJT7GmCMY7pdkW:yxsgu92s7LzVhVrONy0wro
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-