General
- Target: PO JSC_109117.exe
- Size: 113KB
- Sample: 240417-qcmldsab3s
- MD5: 2222a02624129789dd29c05a6478ba5b
- SHA1: 9518b4926893cf093bb012d691ec6ea0f4f66785
- SHA256: a35a4d58e12b7c68d26502cee706e06a7e2145eaf3bcf3a1c1ea2668c4da8dc4
- SHA512: 0385ae956f75896a5e76241ef470d582b757bb8197e487c6bc6acd5a525abeb47be68bfd217d439223a937015f5229ae0af3950c891744c68c6c65f66483ef22
- SSDEEP: 384:4rYOf8QD8PJoDpsPNupo0C/K4vL3/ca3PphQUZUx7V9G9rv6vF4bWQ5lDRolLL4f:4cU8QD8vPNuSJhvL3V/bQH7aFWEO
Static task: static1
Behavioral task: behavioral1
- Sample: PO JSC_109117.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: PO JSC_109117.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6455833672:AAEFwznYRFbwog3UBqp13FPbH7YVb236SRI/
Targets
- Target: PO JSC_109117.exe
- Size: 113KB
- MD5: 2222a02624129789dd29c05a6478ba5b
- SHA1: 9518b4926893cf093bb012d691ec6ea0f4f66785
- SHA256: a35a4d58e12b7c68d26502cee706e06a7e2145eaf3bcf3a1c1ea2668c4da8dc4
- SHA512: 0385ae956f75896a5e76241ef470d582b757bb8197e487c6bc6acd5a525abeb47be68bfd217d439223a937015f5229ae0af3950c891744c68c6c65f66483ef22
- SSDEEP: 384:4rYOf8QD8PJoDpsPNupo0C/K4vL3/ca3PphQUZUx7V9G9rv6vF4bWQ5lDRolLL4f:4cU8QD8vPNuSJhvL3V/bQH7aFWEO
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext