General
Target: 87129f179df8c5e16bb7acdde8dd6c523bfad1db265615de14f4f340be72438d.z
Size: 749KB
Sample: 240423-bx6gnsbb2x
MD5: e9743a8d6db81c36710a8d0e44875651
SHA1: b5922ca028d2850ef34c829a92332c381fdffc4c
SHA256: 87129f179df8c5e16bb7acdde8dd6c523bfad1db265615de14f4f340be72438d
SHA512: 99e82680bccb7026d39bb7132089880cfc6b78144d6b18a480cbe24e841bcebb7ace18e9ff7d893a079b35c8870480ef5d6e4568d2a8f4a502f1182975683ed6
SSDEEP: 12288:eeLQl+0fTFdHFycISlxd6kNW86To1V/6wxTESAKX/89KynSqck2P+NBQzVet4Bcp:e/lNLFdHFrISl/f6To/6+zA8GK6wx2go
Static task: static1
Behavioral task: behavioral1
  Sample: TEKLİF TALEP VE FİYAT TEKLİFİ_xlsx.scr
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: TEKLİF TALEP VE FİYAT TEKLİFİ_xlsx.scr
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: cp8nl.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
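The extracted config above shows the stealer's exfiltration channel: an SMTP account on cp8nl.hyperhost.ua, port 587, with the stolen data mailed to a collector address. Port 587 normally means STARTTLS, so the credentials and message bodies are encrypted on the wire and detection has to rest on connection metadata: which process is talking SMTP, and to where. The following is an added example written for this page, not code from the tria.ge report or from the AgentTesla authors. Only the host and port are taken from the report; the Sysmon-like connection records, the mail-client allow-list and the SMTP transcript are constructed for illustration.

```python
"""Flag outbound SMTP from unexpected processes and pivot on the extracted host.

Added example (not from the tria.ge report). The only indicator taken from
the report is the SMTP host cp8nl.hyperhost.ua on port 587; every event and
session line below is constructed.
"""
import base64
from dataclasses import dataclass

# Ports on which a mail client legitimately talks to a mail server.
SMTP_PORTS = {25, 465, 587}

# Assumption: an allow-list of process images expected to speak SMTP.
# A defender would tune this for their own estate.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Indicator from the report's extracted malware config.
KNOWN_EXFIL_HOSTS = {"cp8nl.hyperhost.ua"}

# "document_xlsx.scr"-style lures: a document token right before a real executable extension.
DOC_TOKENS = ("xlsx", "docx", "pdf")
EXEC_EXTS = (".scr", ".exe", ".pif", ".com")


@dataclass(frozen=True)
class NetConn:
    image: str        # full path of the connecting process (Sysmon Event ID 3 "Image")
    dest_host: str    # resolved destination hostname, "" if unresolved
    dest_port: int


@dataclass(frozen=True)
class Finding:
    image: str
    dest_host: str
    dest_port: int
    reasons: tuple


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def looks_like_document_lure(name: str) -> bool:
    """True for names such as 'invoice_pdf.exe' or the report's '..._xlsx.scr'."""
    for ext in EXEC_EXTS:
        if name.endswith(ext):
            return name[: -len(ext)].endswith(DOC_TOKENS)
    return False


def classify(conn: NetConn):
    """Return a Finding for a suspicious connection, or None."""
    reasons = []
    name = basename(conn.image)
    if conn.dest_port in SMTP_PORTS and name not in MAIL_CLIENTS:
        reasons.append("smtp_from_non_mail_client")
    if conn.dest_host.lower() in KNOWN_EXFIL_HOSTS:
        reasons.append("known_agenttesla_smtp_host")
    if reasons and looks_like_document_lure(name):
        reasons.append("document_lookalike_executable")
    return Finding(conn.image, conn.dest_host, conn.dest_port, tuple(reasons)) if reasons else None


def detect(conns):
    return [f for f in map(classify, conns) if f is not None]


def recover_auth_login(session):
    """Recover the AUTH LOGIN account from a plaintext SMTP transcript.

    Only works when the session was not protected by STARTTLS, or the capture
    comes from a TLS-intercepting proxy; on 587 the exchange is normally encrypted.
    Lines are "C: ..." (client) and "S: ..." (server).
    """
    client = [line[2:].strip() for line in session if line.startswith("C:")]
    for i, line in enumerate(client):
        if line.upper() == "AUTH LOGIN" and i + 2 < len(client):
            user = base64.b64decode(client[i + 1]).decode()
            password = base64.b64decode(client[i + 2]).decode()
            return user, password
    return None


# Constructed connection records (not from the report).
CONSTRUCTED_CONNS = [
    NetConn(r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "smtp.office365.com", 587),
    NetConn(r"C:\Users\victim\Downloads\TEKLİF TALEP VE FİYAT TEKLİFİ_xlsx.scr", "cp8nl.hyperhost.ua", 587),
    NetConn(r"C:\Program Files\Google\Chrome\Application\chrome.exe", "www.example.com", 443),
    NetConn(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "", 25),
]

# Constructed plaintext SMTP transcript (not from the report); credentials are invented.
CONSTRUCTED_SESSION = [
    "S: 220 mail.example.invalid ESMTP",
    "C: EHLO victim-pc",
    "S: 250-mail.example.invalid",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",
    "C: " + base64.b64encode(b"dropbox@example.invalid").decode(),
    "S: 334 UGFzc3dvcmQ6",
    "C: " + base64.b64encode(b"Constructed-P@ss").decode(),
    "S: 235 2.7.0 Authentication successful",
]

if __name__ == "__main__":
    for f in detect(CONSTRUCTED_CONNS):
        print(f"{basename(f.image)} -> {f.dest_host or '?'}:{f.dest_port}  {', '.join(f.reasons)}")
    print(recover_auth_login(CONSTRUCTED_SESSION))
```

Run stand-alone it flags the `.scr` talking to the extracted host on three counts and the PowerShell connection on port 25 on one, while Outlook to Office 365 passes. The AUTH LOGIN decoder is the pivot step: when a plaintext capture is available it yields the drop account, which the report here already exposes in the extracted config.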
Targets
Target: TEKLİF TALEP VE FİYAT TEKLİFİ_xlsx.scr (Turkish: "QUOTE REQUEST AND PRICE QUOTE"; a screensaver executable with a fake spreadsheet suffix)
Size: 915KB
MD5: 2b931a284adaee1554bb7b6579d3cce5
SHA1: 23cb896c2f8416f590ec0cb6b7d7b3b045fc16b0
SHA256: 19d65215feee20f606dbdd5a4ed5196a96c6bc925df69ad26684a3221aec0521
SHA512: 78d33da30acb20d3142f4112b65b97d5ad464641a78931d93021177275aff9b2e5b23c4ac55b103c7e141a19ca4ecf523bf9849276227276edc51eeb855c583d
SSDEEP: 24576:wUr9UeNbhoxtlHh19iPoYFcERjKusTWffre1o:3rzbh6H9EoYFcENKBZo
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, written in Visual Basic.
- Detects packed .NET executables, mostly AgentTesla V4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in information stealers.
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext (commonly used to redirect execution into an injected or hollowed process).