Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
New Order 3118.doc
-
Size
1.7MB
-
Sample
240328-h11txsch77
-
MD5
7a24b565d557e96657a019e0c1b93865
-
SHA1
b760ac2545af0df54ca335d18fa2df4280646881
-
SHA256
d9c01464eccdd1f866bca7505ea879e1f8f54a151aa3c4cab946bbc99e1e46bb
-
SHA512
051bc3b130367e113dd7c07579d4c9a9d5ea71f71ba4dd412e25e69fa54dc03f324150dcb88eeda4405562b5232b8bc9fa25826ee7cb2aa477e2591a2f17fdf5
-
SSDEEP
24576:oiu8COb31WA6cg4Y2YkSAWeyPIplPzEwWuPRaWnAtTZDTaMB0W1Ln7QiMZLKmVwH:Q
Static task
static1
Behavioral task
behavioral1
Sample
New Order 3118.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
New Order 3118.rtf
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gosportz.in - Port:
587 - Username:
[email protected] - Password:
Ss@gosportz - Email To:
[email protected]
Targets
-
-
Target
New Order 3118.doc
-
Size
1.7MB
-
MD5
7a24b565d557e96657a019e0c1b93865
-
SHA1
b760ac2545af0df54ca335d18fa2df4280646881
-
SHA256
d9c01464eccdd1f866bca7505ea879e1f8f54a151aa3c4cab946bbc99e1e46bb
-
SHA512
051bc3b130367e113dd7c07579d4c9a9d5ea71f71ba4dd412e25e69fa54dc03f324150dcb88eeda4405562b5232b8bc9fa25826ee7cb2aa477e2591a2f17fdf5
-
SSDEEP
24576:oiu8COb31WA6cg4Y2YkSAWeyPIplPzEwWuPRaWnAtTZDTaMB0W1Ln7QiMZLKmVwH:Q
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-