Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f554eee597d0262cd192e15ecfb61c71746ca2c0bc9948dc7703440e797f802e_JaffaCakes118
-
Size
685KB
-
Sample
240417-jykklaba41
-
MD5
9ff7e0f3a6ba748bc8549cb38ab93971
-
SHA1
511020c3ff5b7a72c24dce960fb142899e0b65af
-
SHA256
f554eee597d0262cd192e15ecfb61c71746ca2c0bc9948dc7703440e797f802e
-
SHA512
2c3e0dc2fb7c2fc9854211036133fba84d9d78e07e693da7346cdbc3d29252f2e802673c099b8b9b540b7b05a8b3ff80fc6561d7d2c1c43cabb594be2073421b
-
SSDEEP
12288:oeq+PtexJ5ZZcTlQnGODH+7YvNYbMp5KIh4G9SqkYYIJm7JbP:E+P65ZSTlmT4YvNYoWC4G8qLYqm7JbP
Static task
static1
Behavioral task
behavioral1
Sample
f554eee597d0262cd192e15ecfb61c71746ca2c0bc9948dc7703440e797f802e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f554eee597d0262cd192e15ecfb61c71746ca2c0bc9948dc7703440e797f802e_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6334555107:AAHjkXdGw4FaaaH1kHZyxe86XPdggmZYH1Y/
Targets
-
-
Target
f554eee597d0262cd192e15ecfb61c71746ca2c0bc9948dc7703440e797f802e_JaffaCakes118
-
Size
685KB
-
MD5
9ff7e0f3a6ba748bc8549cb38ab93971
-
SHA1
511020c3ff5b7a72c24dce960fb142899e0b65af
-
SHA256
f554eee597d0262cd192e15ecfb61c71746ca2c0bc9948dc7703440e797f802e
-
SHA512
2c3e0dc2fb7c2fc9854211036133fba84d9d78e07e693da7346cdbc3d29252f2e802673c099b8b9b540b7b05a8b3ff80fc6561d7d2c1c43cabb594be2073421b
-
SSDEEP
12288:oeq+PtexJ5ZZcTlQnGODH+7YvNYbMp5KIh4G9SqkYYIJm7JbP:E+P65ZSTlmT4YvNYoWC4G8qLYqm7JbP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-