Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ungziped_file
-
Size
749KB
-
Sample
240415-qlrxgahf5w
-
MD5
2cb429d144a84ae31ac8ecf48fa862fb
-
SHA1
379f1f62d047fa603ea0b933b526ed8ce9388be9
-
SHA256
2c06313c7db4b165b18717a7998239c5e64a9ddfbd7f3b57fc5cc11a973ac07f
-
SHA512
07dcce7087439d49084786eb54a98a898e4764c69d1850a5a0e7b72cd73f27408ffec7089e4730c680cf8e4b3b7fbc44981dfacad6d449ec785c32504d2b7d9f
-
SSDEEP
12288:FayNBwyr2HPWyd3eOC6hcO+JeQB9B279Avons1puKUoeRSs39:IyNCyrePWceOC6P8v844oer9
Static task
static1
Behavioral task
behavioral1
Sample
ungziped_file.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ungziped_file.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.leema.lk - Port:
587 - Username:
[email protected] - Password:
V[3ALIg~jl}T - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.leema.lk - Port:
587 - Username:
[email protected] - Password:
V[3ALIg~jl}T
Targets
-
-
Target
ungziped_file
-
Size
749KB
-
MD5
2cb429d144a84ae31ac8ecf48fa862fb
-
SHA1
379f1f62d047fa603ea0b933b526ed8ce9388be9
-
SHA256
2c06313c7db4b165b18717a7998239c5e64a9ddfbd7f3b57fc5cc11a973ac07f
-
SHA512
07dcce7087439d49084786eb54a98a898e4764c69d1850a5a0e7b72cd73f27408ffec7089e4730c680cf8e4b3b7fbc44981dfacad6d449ec785c32504d2b7d9f
-
SSDEEP
12288:FayNBwyr2HPWyd3eOC6hcO+JeQB9B279Avons1puKUoeRSs39:IyNCyrePWceOC6P8v844oer9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-