General
Target: c18492bcd0a23388350bcf8e42727337b77b463fb83de661ad5e8dbe40ed98df.exe
Size: 1.1MB
Sample: 240312-dm47zagf32
MD5: 89efb0f0c24dbdaaa0f59f2841f2b648
SHA1: eb58341f2e64a1594b777f8de6b3c7ac18b339eb
SHA256: c18492bcd0a23388350bcf8e42727337b77b463fb83de661ad5e8dbe40ed98df
SHA512: a546fe757350947628ef698eee9d8e223fdfe48f94af445a877a4da2be67f362d67f8ed45cc176872a7b50843e74e884534025b5fd66fec2db8fa99a6e0d2272
SSDEEP: 24576:uAHnh+eWsN3skA4RV1Hom2KXMmHatGy3P41phH7A5:Zh+ZkldoPK8YaYy3Po76
Static task: static1
Behavioral task: behavioral1
Sample: c18492bcd0a23388350bcf8e42727337b77b463fb83de661ad5e8dbe40ed98df.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: c18492bcd0a23388350bcf8e42727337b77b463fb83de661ad5e8dbe40ed98df.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: rwe87$%21q
Email To: [email protected]
Targets
Target: c18492bcd0a23388350bcf8e42727337b77b463fb83de661ad5e8dbe40ed98df.exe
Size: 1.1MB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext