General
- Target: 0f2cec6e4a20f7017cbfb9144028fc3c865da826c7e40173128bd51ce91ac579.zip
- Size: 653KB
- Sample: 240419-n5d4lsba68
- MD5: 2c62e05278b182250a15329ed6bbeaaa
- SHA1: e3f805348c387b55d68b9016fe3a1783e06bd75e
- SHA256: 0f2cec6e4a20f7017cbfb9144028fc3c865da826c7e40173128bd51ce91ac579
- SHA512: 35eb78b7c81be4ea2e597a1bd4d38e3b2d29758768f7d0e274e077edc8a82ed7b1a5250c18b0d8876c098fa302ad18dde0f3e3e3b313de877b6a83b9041a89af
- SSDEEP: 12288:wK9eJ5i7Bz7Dr8ARWBXk/zEfDKtF3thxdWD6XnT3XU6rP:noJ+DgPByzJHLnLXU6D
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Order MJIMP 008.exe
  - Resource: win7-20240220-en
Behavioral task
- behavioral2
  - Sample: Order MJIMP 008.exe
  - Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.lamcopaper.com
- Port: 587
- Username: [email protected]
- Password: @@Lppc11988
- Email To: [email protected]
Targets
- Target: Order MJIMP 008.exe
- Size: 702KB
- MD5: 85614b7101c98396ed9fdc14222e563b
- SHA1: cbc9f72d36818e6c1918c86bc56178f92802d7b1
- SHA256: 98206390a847ef2600f916f0076f687d5261ff98ca02b5292fdf44017ca0e006
- SHA512: c123cc701be5ac9a667f3b2617fdb25996f6b46b3aca1cac027d14e76fda4d9a71b17031bcc6dbaf2bc5455184e59377fa39d72cccf133d384523419cbd47fa0
- SSDEEP: 12288:Wb/1eJ5e7nzXD1uARs1XbQfzQfDKDFHtX9dW323tfZXOdaG9uq3kR:Wb/gJgDsR1r4zVXHtBXOf9uqi
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)