General
Target: 766a562fe164c48e8eb60dd8b86fd87f6da0cbf5.rtf.tar.gz
Size: 45KB
Sample: 240416-hqwr8abg38
MD5: 944762111367d4913b47f382a107edfe
SHA1: cbece087bd98f1d5f94ca7ae004eb9b8df0a06a1
SHA256: ac94c6e59cef23052c73fa577ebc9a1e4a81e9ecbeb936405e9c8d83f5c6db57
SHA512: 6bbca3e014231fe01ac7a008fe1a85dc1ca915d8d5fa751e7a69f58bc6eb816b40a87bc44b94178d2d050281cac1f86bda58dd914792625f66d7b2fec75d9d16
SSDEEP: 768:1ONeQbsTd8gRcxAN/tlcZ3G4mhDfooLbyTp3xWLCVVX43nXWL8V/6MDGlkzCEkJX:1ONeSuuxCw2rZooKPWiX4XXWL8V/RGay
Static task: static1
Behavioral task: behavioral1
  Sample: 766a562fe164c48e8eb60dd8b86fd87f6da0cbf5.rtf
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 766a562fe164c48e8eb60dd8b86fd87f6da0cbf5.rtf
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#
Email To: [email protected]
(The two mailbox names are shown only as a redaction placeholder on this page; the host and port are the usable indicators.)
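The extracted config above is the attacker's SMTP exfiltration mailbox: Agent Tesla sends stolen credentials to that host on the submission port. The following is an added example, not Triage output and not Agent Tesla's own code, that parses the config block exactly as the page flattens it, keeps only the actionable indicators (the mailbox names are redacted here, so they are dropped), and runs the result over a few constructed Sysmon-style event records. The Sysmon field names (EventID 22 QueryName, EventID 3 Image/DestinationHostname/DestinationPort) are Sysmon's real schema; the process paths in the sample records are hypothetical.

```python
"""Turn the Agent Tesla SMTP exfiltration config from this report into an
endpoint detection and run it over constructed Sysmon-style event records.

Added example: not Triage output and not Agent Tesla's own code. The config
text is copied from the "Malware Config" section of the page; the event
records are constructed for the demo (process paths are hypothetical).
"""
import re

# Keys Triage renders in an Agent Tesla SMTP config block, as shown on this page.
KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
# "Key: value" pairs separated by " - " (the page also shows "smtp- Host", i.e.
# no space before the dash), so the separator is matched with optional spaces.
_FIELD_RE = re.compile(rf"({_KEY_ALT}):\s*(.*?)(?=\s*-\s*(?:{_KEY_ALT}):|$)")

# Config exactly as flattened on the page. The mailbox names appear as the
# redaction placeholder "[email protected]" and are NOT usable indicators.
TRIAGE_CONFIG_TEXT = """Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@# - Email To:
[email protected]"""


def parse_triage_config(text):
    """Parse the flattened 'Key: value - Key: value' block into a dict."""
    flat = " ".join(text.split())  # undo the line breaks the page inserted
    cfg = {key: value.strip() for key, value in _FIELD_RE.findall(flat)}
    cfg["Port"] = int(cfg["Port"])
    return cfg


def indicators(cfg):
    """Reduce the config to what is actually actionable for detection."""
    mailboxes = [cfg.get("Username", ""), cfg.get("Email To", "")]
    return {
        "c2_host": cfg["Host"].lower(),
        "c2_port": cfg["Port"],
        # Drop redacted placeholders; only a real address is worth alerting on.
        "mailboxes": [m for m in mailboxes if m and not m.startswith("[email")],
    }


# Constructed Sysmon-style records, not from the sandbox run.
# EventID 22 = DNS query, EventID 3 = network connection.
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "QueryName": "cp5ua.hyperhost.ua"},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "DestinationHostname": "cp5ua.hyperhost.ua", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "DestinationHostname": "mail.example.org", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "DestinationHostname": "example.net", "DestinationPort": 443},
]

# Processes legitimately expected to speak SMTP submission (port 587) on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def match_events(events, ioc):
    """Return one hit per event that matches the Agent Tesla exfil profile.

    Sysmon's DestinationHostname is a reverse-DNS lookup of the destination
    IP, which on shared mail hosts often differs from the name the malware
    resolved, so the DNS-query event (22) is matched on its own as well.
    """
    hits = []
    for ev in events:
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        if ev.get("EventID") == 22 and ev.get("QueryName", "").lower() == ioc["c2_host"]:
            hits.append({"severity": "high", "image": image,
                         "why": "DNS query for the Agent Tesla SMTP exfil host"})
        elif ev.get("EventID") == 3:
            host = ev.get("DestinationHostname", "").lower()
            port = ev.get("DestinationPort")
            if host == ioc["c2_host"] and port == ioc["c2_port"]:
                hits.append({"severity": "high", "image": image,
                             "why": "connection to the configured SMTP host:port"})
            elif port == ioc["c2_port"] and image not in MAIL_CLIENTS:
                hits.append({"severity": "medium", "image": image,
                             "why": "SMTP submission traffic from a non-mail-client process"})
    return hits


if __name__ == "__main__":
    ioc = indicators(parse_triage_config(TRIAGE_CONFIG_TEXT))
    for hit in match_events(SAMPLE_EVENTS, ioc):
        print(hit["severity"], hit["image"], hit["why"])
```

The medium-severity rule is the one worth keeping after this sample is gone: Agent Tesla builds rotate their exfil mailbox and host, but a freshly dropped executable talking to port 587 stays unusual on a workstation where only the mail client should do so.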
Targets
Target: 766a562fe164c48e8eb60dd8b86fd87f6da0cbf5.rtf
Size: 298KB
MD5: f66e1b62a4f55ba19195bbe77d9904da
SHA1: 766a562fe164c48e8eb60dd8b86fd87f6da0cbf5
SHA256: 2ebdaca8f32c4919206a9ea812cac3eb39517ac9d2b1d535900d3c16faf1b716
SHA512: 982b3211c03c6554c1d6ac711b54fea077402bbb316bf9972187c8163aebb3e4c8d60408c4abe5b7517a8442b7c726b58013d5d438c9d5d29ba45ecc767d77a7
SSDEEP: 3072:+sXvKMEesXvKMEesXvKMEesXvKME7N7k2i+mxQX7b5I:zKMeKMeKMeKMECBOX7b5I
Score: 10/10
Signatures
- AgentTesla: Agent Tesla is a .NET-based remote access trojan (RAT) and information stealer, typically compiled from Visual Basic .NET.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext (commonly seen with process hollowing and other code-injection techniques)