General
- Target: c953399d37a195802a9665620cae4e9b
- Size: 1.3MB
- Sample: 240314-w94h3adh49
- MD5: c953399d37a195802a9665620cae4e9b
- SHA1: 4bb7f89dcddffeed07496c950350e96ddf9ee0c9
- SHA256: 45fcc59bfbef8829e6261a4dbdc690c2ee1bc3de116fba86a7312a69b48bcf26
- SHA512: 2cedb33e48ebe9e53c4e928c80705f35a94b32e88471fd893d01a48d2322b2ff228a798212f81c834dee2751f433b975eb263d6c99d4d33231e708819388cfa8
- SSDEEP: 12288:QikXqKBb61CF47UhzrdkK4f5nc/tBe7sc2jwr2Nf3F0yBzlzn+Vs5rbK4HtLGEUz:lkDbF476HdqK/tBNMr
Static task
- static1
Behavioral task
- behavioral1: Sample c953399d37a195802a9665620cae4e9b.exe, Resource win7-20240221-en
Behavioral task
- behavioral2: Sample c953399d37a195802a9665620cae4e9b.exe, Resource win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.vivaldi.net
- Port: 587
- Username: [email protected]
- Password: password2021
Targets
- Target: c953399d37a195802a9665620cae4e9b
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext