Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b
-
Size
644KB
-
Sample
240313-cgsfjshg2y
-
MD5
bc3ecb6b369f3a8d284a1a9d8df411f4
-
SHA1
a96d932d8853dcd2a6371c29801481564e97ace9
-
SHA256
1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b
-
SHA512
51f1f71455e9e930dde0dcd38f0c63e5d978d6388368f666f2cb0216851f68a9f25870dac23be22c62c3b7fc48070ae94094825959cbb84a59019ba805253f8d
-
SSDEEP
12288:qsJTENl3QhyrTiJVSVHb3InQTg+Fj/qnSSFscyaxvho4p1zTUxeZ3vSsjHVZ:PxENlUQHEnSg+Fj/qnLjxvhoS1SPsDV
Static task
static1
Behavioral task
behavioral1
Sample
1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.wasstech.com - Port:
587 - Username:
[email protected] - Password:
Sunray2700@@ - Email To:
[email protected]
Targets
-
-
Target
1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b
-
Size
644KB
-
MD5
bc3ecb6b369f3a8d284a1a9d8df411f4
-
SHA1
a96d932d8853dcd2a6371c29801481564e97ace9
-
SHA256
1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b
-
SHA512
51f1f71455e9e930dde0dcd38f0c63e5d978d6388368f666f2cb0216851f68a9f25870dac23be22c62c3b7fc48070ae94094825959cbb84a59019ba805253f8d
-
SSDEEP
12288:qsJTENl3QhyrTiJVSVHb3InQTg+Fj/qnSSFscyaxvho4p1zTUxeZ3vSsjHVZ:PxENlUQHEnSg+Fj/qnLjxvhoS1SPsDV
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-