General
Target: c2730a3d8925ff19b3311ced1a3d99f4
Size: 503KB
Sample: 240312-e3zg4aac87
MD5: c2730a3d8925ff19b3311ced1a3d99f4
SHA1: e25859d30656f0f90c43f3f6889017b02829f606
SHA256: 4fedc6f8f522f5206bb6b51bf5c08ceeae4e9836275fee16acaed877f37521cf
SHA512: 7f60bf7c15dc0585937bef0db93f96bf3dd24692738458f81fe6323a0d273d5d481ec51c43b7f9d2905617ba1bf69bccc683f66b78637976de385d61cc623af0
SSDEEP: 12288:gTjcrDlutbk72Tzj6aN8HwXgiNRFOprkYj6vSa4QWBz:llutQ2TvN8HeRFej6abF
Static task: static1
Behavioral task: behavioral1
  Sample: swifft copy 0093278521.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: swifft copy 0093278521.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.curnic.com
Port: 587
Username: [email protected]
Password: TiqEDNO8
Targets
Target: swifft copy 0093278521.exe
Size: 450KB
MD5: 9d42843c35d0966b1503073cc442bf9e
SHA1: a4b1a2c164d8adf84a13994989534393674f13a2
SHA256: 4bf346800f68830efab30a45be76b05cc82a3055281623ccdc3d56d52632bbe6
SHA512: b394f0117563e13a1abb248b5368294abbe60764fe8826b7cd5c0e618e1ccab39ab3804fbaedcc6d94e43554667e318a98e082190720682c74ac6fbe1fb02279
SSDEEP: 12288:vTw6pgPcGMt8BCQZo9RC+1QjoZnGvgznz/cQ:vjG+0CpRQS4g7zb
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext