General
Target: FinalDraft1010CLEARDETAILSBL00398893PDF.exe
Size: 4.3MB
Sample: 240312-bg171sbe6x
MD5: ccd3e02044cbb142d3f74151c017b7fa
SHA1: bdedb46f8d0ed904982103c37de98a572187feec
SHA256: aa92559b13cde3bae21652f0dcdcf35ba0294baebba0db971af36127c8d6cd4d
SHA512: dddd40237a02afeec74707a229c85cf915e09e501cd2a8204a30dfe1e0bda1e9cb0b8b02e1b288e101d6a4b31620c41e61d901a703049f3f021d67e6acbae3e6
SSDEEP: 49152:ThmBvgm276ZLLoF1ZghS8drWXFkK1PosuFMaFPj3mX202dmY7S31KmHH:TCyUWVkYALmd2dS3xHH
Static task: static1
Behavioral task: behavioral1 (sample FinalDraft1010CLEARDETAILSBL00398893PDF.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample FinalDraft1010CLEARDETAILSBL00398893PDF.exe, resource win10v2004-20240226-en)
Malware Config
Extracted
Family: agenttesla
C2 (Telegram Bot API endpoint): https://api.telegram.org/bot6714648151:AAFRIqlRXcpOAB1Q5t6Cq8WiQBoGP3a1Gnw/
Targets
Target: FinalDraft1010CLEARDETAILSBL00398893PDF.exe
Size: 4.3MB
MD5: ccd3e02044cbb142d3f74151c017b7fa
SHA1: bdedb46f8d0ed904982103c37de98a572187feec
SHA256: aa92559b13cde3bae21652f0dcdcf35ba0294baebba0db971af36127c8d6cd4d
SHA512: dddd40237a02afeec74707a229c85cf915e09e501cd2a8204a30dfe1e0bda1e9cb0b8b02e1b288e101d6a4b31620c41e61d901a703049f3f021d67e6acbae3e6
SSDEEP: 49152:ThmBvgm276ZLLoF1ZghS8drWXFkK1PosuFMaFPj3mX202dmY7S31KmHH:TCyUWVkYALmd2dS3xHH
Score: 10/10
Signatures
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the extracted config shows this sample exfiltrates over the Telegram Bot API to the bot listed above.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP before reporting in.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the step used by process-hollowing style injection to redirect execution into injected code; on its own it is a heuristic, not proof of injection.
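The two network signatures above (external IP lookup, then exfiltration to a fixed Telegram bot) are what a defender can hunt for in proxy logs. The following is an added example, not code from the report or from tria.ge: it parses the extracted C2 URL into its bot ID and token, classifies outbound requests against it, and checks a file's digests against the hash table. The proxy log format, the client addresses, the second (placeholder) bot token and the list of IP-lookup hosts are all constructed for the example; the report does not name the lookup service this sample used.

```python
"""Hunt for the AgentTesla Telegram C2 and IP-lookup behaviour from this report."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken from the report (Malware Config and hash table).
C2_URL = "https://api.telegram.org/bot6714648151:AAFRIqlRXcpOAB1Q5t6Cq8WiQBoGP3a1Gnw/"
REPORT_HASHES = {
    "md5": "ccd3e02044cbb142d3f74151c017b7fa",
    "sha1": "bdedb46f8d0ed904982103c37de98a572187feec",
    "sha256": "aa92559b13cde3bae21652f0dcdcf35ba0294baebba0db971af36127c8d6cd4d",
}

# Assumed list of public IP-lookup services; the report only says
# "a legitimate IP lookup service" without naming which one.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "icanhazip.com"}

# Telegram Bot API path layout: /bot<numeric id>:<token>/<method>
BOT_PATH_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)(?:/([A-Za-z]+))?/?$")


def parse_telegram_bot_url(url):
    """Return (bot_id, token, method) for a Telegram Bot API URL, else None."""
    p = urlparse(url)
    if (p.hostname or "").lower() != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(p.path)
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3)


C2_BOT_ID = parse_telegram_bot_url(C2_URL)[0]


def classify_request(method, url):
    """Label one outbound HTTP request; None means nothing of interest."""
    host = (urlparse(url).hostname or "").lower()
    bot = parse_telegram_bot_url(url)
    if bot is not None:
        if bot[0] == C2_BOT_ID:
            return "agenttesla_c2"        # exact bot from this report: high confidence
        if method.upper() == "POST" and bot[2] in ("sendDocument", "sendMessage"):
            return "telegram_bot_exfil"   # same technique, different bot: needs triage
        return "telegram_bot_api"         # any other Bot API use (often legitimate)
    if host in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"       # weak on its own, strong just before exfil
    return None


# Constructed proxy log lines (not from the report): "<timestamp> <client> <method> <url>".
# The second bot token is a placeholder, not a real token.
SAMPLE_LOG = """\
2024-03-12T01:02:03Z 10.0.0.5 GET http://checkip.dyndns.org/
2024-03-12T01:02:04Z 10.0.0.5 GET https://example.com/index.html
2024-03-12T01:02:09Z 10.0.0.5 POST https://api.telegram.org/bot6714648151:AAFRIqlRXcpOAB1Q5t6Cq8WiQBoGP3a1Gnw/sendDocument
2024-03-12T01:05:00Z 10.0.0.7 POST https://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage
"""


def scan_log(text):
    """Return (client, label) for every log line that matches an indicator."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines rather than crash
        _ts, client, method, url = parts
        label = classify_request(method, url)
        if label:
            hits.append((client, label))
    return hits


def hashes_match_report(data):
    """True only if the bytes hash to every digest listed in the report."""
    return all(getattr(hashlib, algo)(data).hexdigest() == digest
               for algo, digest in REPORT_HASHES.items())


if __name__ == "__main__":
    for client, label in scan_log(SAMPLE_LOG):
        print(client, label)
```

The bot ID is the part of the URL worth keying on: it is stable for the campaign even if the operator rotates methods, and a match on it is high confidence. A generic POST to `sendDocument`/`sendMessage` from a workstation is only a lead, since legitimate automation uses the same API; pairing it with an IP-lookup request from the same client a few seconds earlier is what makes the sequence look like this sample.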