General
Target: 88aa77882d7e69a37c5cedab4fa43eb8229408e0b58f507e243b41c46b9d9bf1
Size: 3.3MB
Sample: 240430-b7l6sahd2v
MD5: 7fde0912cea4e6fb3d8116be24c32f6c
SHA1: 57ed09485abc955a0617b78a25cd56cdbc99590c
SHA256: 88aa77882d7e69a37c5cedab4fa43eb8229408e0b58f507e243b41c46b9d9bf1
SHA512: 10baf8b80e680e43039b56dac4d4afbf48b70e2ca94c9794dea601cadf8c0222770db4d8fb5059cca850f98e9338831edb5af36d4edac04b710d87eb426e94c7
SSDEEP: 49152:5p98Mq2HVhpGkTG1/1MCLAg3Jh6n/eI5gpnrzTauqEv6P52/aCg91N8gC97Lyj:5R1hMdSwBL6bgdncXCg9H8vpej
Static task: static1
Behavioral task: behavioral1
  Sample: 88aa77882d7e69a37c5cedab4fa43eb8229408e0b58f507e243b41c46b9d9bf1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 88aa77882d7e69a37c5cedab4fa43eb8229408e0b58f507e243b41c46b9d9bf1.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.svetigeorgije.co.rs
Port: 21
Username: [email protected]
Password: 4c5H&b2whkD9
Targets
Target: 88aa77882d7e69a37c5cedab4fa43eb8229408e0b58f507e243b41c46b9d9bf1
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext