Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
FACTURAS PENDIENTES.exe
-
Size
736KB
-
Sample
240410-tfrajage3y
-
MD5
be5049954ae1360c7c73edc98c252948
-
SHA1
347c475c80875dec8a84f6fbb70309e73f6c6036
-
SHA256
912444aec56fd47f95d449249675e51f2b07da90934d486c0d91e148cec71567
-
SHA512
8151efe7a2cbc5af735bd19eae31398ffae0fa19d97991903005c2d0d39e112285c4ea1ccc336429d293a29716d5df38439a1f43caac8f9d4f8fc9991acb89f1
-
SSDEEP
12288:SydzjtuEA9MsXWyiXiP9tyy2mFYauVJhsM4DZ264KuinZ5F0y65u:SydzB+7XxiXYt12mFYauVjcF2KtnZINw
Static task
static1
Behavioral task
behavioral1
Sample
FACTURAS PENDIENTES.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6840869330:AAEZ4yOJb6l9YkHVol7BaSnML2_yNUN78Xg/
Targets
-
-
Target
FACTURAS PENDIENTES.exe
-
Size
736KB
-
MD5
be5049954ae1360c7c73edc98c252948
-
SHA1
347c475c80875dec8a84f6fbb70309e73f6c6036
-
SHA256
912444aec56fd47f95d449249675e51f2b07da90934d486c0d91e148cec71567
-
SHA512
8151efe7a2cbc5af735bd19eae31398ffae0fa19d97991903005c2d0d39e112285c4ea1ccc336429d293a29716d5df38439a1f43caac8f9d4f8fc9991acb89f1
-
SSDEEP
12288:SydzjtuEA9MsXWyiXiP9tyy2mFYauVJhsM4DZ264KuinZ5F0y65u:SydzB+7XxiXYt12mFYauVjcF2KtnZINw
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-