Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: a62335d4771982af2a0b257505a0a3040e108be7ab2f7b5fb5d85d5029685a91
- Size: 880KB
- Sample: 240312-beqy9sbd9s
- MD5: 128e223aa9db4e192ad1489b8f5b560b
- SHA1: 62244be6ba8056a99127f00452b3faa9e56cb4a2
- SHA256: a62335d4771982af2a0b257505a0a3040e108be7ab2f7b5fb5d85d5029685a91
- SHA512: 84b2c390fb385d8f549d9a8a78cbc37cf819b54d4c577e44ad3be2ce53388af20bbedcc0e80080837099a2c71fc64a837cb89cb46352ce19ac858d210738f4be
- SSDEEP: 12288:s/Sr+pAQ3inVFaMdklcgKOQw54HoXPxyTaGWkquemE8KMvnsZUn3/JPS8z:X+AQ32HBdklcHSU+0NWkquemE8hs4PV
Static task
- static1
Behavioral task
- behavioral1
  - Sample: a62335d4771982af2a0b257505a0a3040e108be7ab2f7b5fb5d85d5029685a91.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: a62335d4771982af2a0b257505a0a3040e108be7ab2f7b5fb5d85d5029685a91.exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.ztmfbih.ba
- Port: 587
- Username: [email protected]
- Password: jasmin.tafro
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.ztmfbih.ba
- Port: 587
- Username: [email protected]
- Password: jasmin.tafro
Targets
- Target: a62335d4771982af2a0b257505a0a3040e108be7ab2f7b5fb5d85d5029685a91
- Size: 880KB
- MD5: 128e223aa9db4e192ad1489b8f5b560b
- SHA1: 62244be6ba8056a99127f00452b3faa9e56cb4a2
- SHA256: a62335d4771982af2a0b257505a0a3040e108be7ab2f7b5fb5d85d5029685a91
- SHA512: 84b2c390fb385d8f549d9a8a78cbc37cf819b54d4c577e44ad3be2ce53388af20bbedcc0e80080837099a2c71fc64a837cb89cb46352ce19ac858d210738f4be
- SSDEEP: 12288:s/Sr+pAQ3inVFaMdklcgKOQw54HoXPxyTaGWkquemE8KMvnsZUn3/JPS8z:X+AQ32HBdklcHSU+0NWkquemE8hs4PV
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext