Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Win64.PWSX-gen.20057.28212.exe
-
Size
616KB
-
Sample
240314-kbvmqaeg9z
-
MD5
2044ff3cb5a0623854edda54db00e636
-
SHA1
1265fb319728f10f6075ef3e19cc9a5a63899b8e
-
SHA256
78d57fe9932d8bc84a3dcc4ce9d3505e80c74a5af3cb6975c94e670be9a5d4ed
-
SHA512
0c14b8d1e4c5ef731cc8a5d48413fcc1118badb0d4f39a4a3f450ae90fea86d8b984cc86491c1b3596023ad774dc1c654b8a7aef3b05c573d6f4608a78305cdd
-
SSDEEP
12288:UeYc4ztAE2GCGIeYRxVyuwWnxjXvuv36fHPfNtFgz/J0IPFPF39GbphP:rYLH2nGIv0uwWnx7vCKX1tFUbFPFMhP
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win64.PWSX-gen.20057.28212.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win64.PWSX-gen.20057.28212.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.oripam.xyz - Port:
587 - Username:
[email protected] - Password:
231Father@
Extracted
agenttesla
Protocol: smtp- Host:
mail.oripam.xyz - Port:
587 - Username:
[email protected] - Password:
231Father@ - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Win64.PWSX-gen.20057.28212.exe
-
Size
616KB
-
MD5
2044ff3cb5a0623854edda54db00e636
-
SHA1
1265fb319728f10f6075ef3e19cc9a5a63899b8e
-
SHA256
78d57fe9932d8bc84a3dcc4ce9d3505e80c74a5af3cb6975c94e670be9a5d4ed
-
SHA512
0c14b8d1e4c5ef731cc8a5d48413fcc1118badb0d4f39a4a3f450ae90fea86d8b984cc86491c1b3596023ad774dc1c654b8a7aef3b05c573d6f4608a78305cdd
-
SSDEEP
12288:UeYc4ztAE2GCGIeYRxVyuwWnxjXvuv36fHPfNtFgz/J0IPFPF39GbphP:rYLH2nGIv0uwWnx7vCKX1tFUbFPFMhP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-