General
Target: dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c
Size: 666KB
Sample: 240417-ry24msdg7w
MD5: f2b9d62c09ab2759b02b99e5c029370e
SHA1: 20527a71b9ee37753dcce46468d75cc33fb5c704
SHA256: dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c
SHA512: cb6c62b763d21597d25307720f05bf5ec25618246c87cf45953e78409323e0650167c894638e531f3f3111b41ba5de78805d751c4bf154622565fc060b43ef61
SSDEEP: 12288:DrnQwGSi8q0gYd+3DDuFcUa5j8Obo67zIdlakurXMgKgw6UnGbeN7BBgIqQGs/MZ:DzGSi8q7mYDupa5j8H6fIdQRX9FUseBe
Static task: static1
Behavioral task: behavioral1
  Sample: ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5935236817:AAFQXd5DfJIspEP49cvtN8EkM-g0qi2ZyW8/
Targets
Target: ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe
Size: 747KB
MD5: ec6e0608754df82d29771061ba8e5bb0
SHA1: 87be8fef2e23ad39099fbfbea85f9778d0b597ad
SHA256: ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a
SHA512: 4ba4dfee9dc84fdf01ef8b4791597bf49b90e8cd561aaf4340b29bb955967b610e5f230c10e8cce723a278daba65987929ae54fd2468ee000d2ed76d58846a7a
SSDEEP: 12288:JyRAYQ4LsQw/1sX75cPblhP4JoqfRR+bMXQb2wCWbF612k+NFQ1jt8TFpWO7j94+:+AC+/1G5cPJhQeqfT+bMXQb2Qjc1ju/8
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext