General
- Target: 0173e9a1c067565afec4c77a50d2e973d2c6d7a2e18070e7bd366b7af6039322
- Size: 632KB
- Sample: 240417-r67zvsch25
- MD5: 967b2a1a4289b52f828724ebc842ce28
- SHA1: eb1d6ab3e496c8b353ebe1e59557b8307432820c
- SHA256: 0173e9a1c067565afec4c77a50d2e973d2c6d7a2e18070e7bd366b7af6039322
- SHA512: 792f3a894a4e08b50053fc58dfb210ef2a0b099eae07a78e6d6d2d0b58c2a28ed9494f8471db98e70e0e47ff3dfe6a9afbb31f78cd2bed0831cc86d97ad265b1
- SSDEEP: 12288:yQOzsDpXc3+p8TwpcCf++BADlGM9QcSdmWV3NW7tx+9z52zbt6KcgyWNenF:AzstC+YwpxfjSD0M9QLTAt252zp3cgyn
Static task: static1
Behavioral task: behavioral1
- Sample: 390742120fc89ba2735772dbb63c0998bdb2d26df99976a5406477c4ffab56c2.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 390742120fc89ba2735772dbb63c0998bdb2d26df99976a5406477c4ffab56c2.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.pharmacell.com.tr
- Port: 587
- Username: [email protected]
- Password: Fatih-2015a
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.pharmacell.com.tr
- Port: 587
- Username: [email protected]
- Password: Fatih-2015a
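The extracted configuration above is the most actionable part of the report: it names the mailbox the stealer logs into and the host and port it exfiltrates through. The following is an added example (not tria.ge code and not part of the original report) that parses the flattened "Key: value - Key: value" layout printed above into a structured record and then hunts for the resulting indicators in connection logs. The log lines and their `key=value` field names (`host`, `dport`, `smtp_user`) are constructed for the demo and are an assumption about the log source; the mailbox addresses are kept exactly as the page redacts them ("[email protected]"), so the username rule only becomes useful once the real account name is substituted.

```python
"""Turn the AgentTesla SMTP exfil config from the sandbox report into IOCs
and hunt for them in connection logs.  Added example; not tria.ge code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Config text exactly as the report prints it (mailbox addresses are redacted
# on the page as "[email protected]" and are kept that way here).
REPORT_CONFIG = """\
Protocol: smtp- Host:
mail.pharmacell.com.tr - Port:
587 - Username:
[email protected] - Password:
Fatih-2015a - Email To:
[email protected]
"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
# A field boundary is ' - Key:'.  The report prints 'smtp- Host:' with no
# space before the dash, and the password itself contains a dash, so the
# lookahead insists on a known field name after the separator.
_SEP = r"\s*-\s*(?:" + "|".join(re.escape(f) for f in FIELDS) + r"):"


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: Optional[str]   # the second extraction on the page lacks this


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the flattened 'Key: value - Key: value' layout into a record."""
    flat = " ".join(text.split())          # undo the line wrapping
    got = {}
    for field in FIELDS:
        m = re.search(re.escape(field) + r":\s*(.*?)(?=" + _SEP + r"|$)", flat)
        got[field] = m.group(1).strip() if m else None
    for required in ("Protocol", "Host", "Port", "Username", "Password"):
        if not got[required]:
            raise ValueError(f"config is missing {required}")
    return SmtpExfilConfig(
        protocol=got["Protocol"].lower(),
        host=got["Host"].lower(),
        port=int(got["Port"]),
        username=got["Username"],
        password=got["Password"],
        email_to=got["Email To"],
    )


def _kv(line: str) -> dict:
    """Split 'key=value' pairs; a value runs until the next ' key=' (so a
    redacted '[email protected]' with a space inside survives intact)."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line))


def hunt(cfg: SmtpExfilConfig, log_lines) -> List[Tuple[int, str]]:
    """Return (line_no, reason) for log lines touching the exfil mailbox.

    Rule 1: any connection to the C2 mail host, whatever the port, because an
            operator can move the listener without rebuilding the stub.
    Rule 2: an SMTP AUTH with the stolen account name, whatever the host.
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        kv = _kv(line)
        if kv.get("host", "").lower() == cfg.host:
            hits.append((n, f"connection to exfil host {cfg.host}:{kv.get('dport', '?')}"))
        elif kv.get("smtp_user") == cfg.username:
            hits.append((n, f"SMTP AUTH as exfil account {cfg.username}"))
    return hits


# Constructed log lines for the demo; not taken from the sandbox run.
SAMPLE_LOG = [
    "2024-04-17T15:02:11Z src=10.0.4.23 dst=203.0.113.10 dport=443 host=update.example.net",
    "2024-04-17T15:02:13Z src=10.0.4.23 dst=198.51.100.7 dport=587 host=mail.pharmacell.com.tr",
    "2024-04-17T15:02:14Z src=10.0.4.23 dst=198.51.100.7 dport=587 smtp_user=[email protected]",
    "2024-04-17T15:05:00Z src=10.0.4.40 dst=192.0.2.9 dport=587 host=smtp.corp.example",
    "2024-04-17T15:06:30Z src=10.0.4.23 dst=198.51.100.7 dport=2525 host=MAIL.PHARMACELL.COM.TR",
]

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    for n, why in hunt(cfg, SAMPLE_LOG):
        print(f"line {n}: {why}")
```

Legitimate submission traffic on port 587 to other mail hosts (line 4 of the constructed log) is deliberately not flagged: the indicator is the host and the account, not the port.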
Targets
- Target: 390742120fc89ba2735772dbb63c0998bdb2d26df99976a5406477c4ffab56c2.exe
- Size: 669KB
- MD5: cb17689f9f2f8ead0450a9fa21ea6920
- SHA1: 44f2a04f059e94ce47a2da8ed0b175a97e20ddde
- SHA256: 390742120fc89ba2735772dbb63c0998bdb2d26df99976a5406477c4ffab56c2
- SHA512: 43d729df8acf4eb2fe56c7432835340214b571a942e12566eef1eab656b7c1e263d3ac6b76087757034294382c90f1f53d3c9b8c83e80783fc868e94e916c76b
- SSDEEP: 12288:Pz1uPBa5rr1wAM1F0XtZFBlZMMDcrKJSja7kaGPASF:Pua5rvM1FqnFBnMMDTSyoASF
Score: 10/10
Signatures
- AgentTesla
  Agent Tesla is a .NET-based (VB.NET) remote access trojan and information stealer; this sample's extracted config shows it exfiltrating over SMTP through the mailbox listed under Malware Config.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, a routine step stealers take before reporting stolen data.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is how process hollowing and similar injection redirect execution into code the malware has written into a process. On its own it is a weak signal; read it together with the family match and the network indicators above.