General
- Target: c11fd5e849339af078eb9ff7344b4d45f8d86e45a11285142ecfe28fbd01b243
- Size: 336KB
- Sample: 240430-bepffaff45
- MD5: fc69aae977bd3c5a56d4acce831dbac2
- SHA1: fb86b1fca4340e6ac163aeb638acd83dff4f52f5
- SHA256: c11fd5e849339af078eb9ff7344b4d45f8d86e45a11285142ecfe28fbd01b243
- SHA512: ea24470a046528a8649e64658f49a85543820e807437eb0ff79a1e92232641f2b215b46fc7fa2b57f4074ea3b9e3be42463c23ae832dbcaf1319cb91cf5dc4c5
- SSDEEP: 6144:2EXaFJkKXiDU7wI4wdY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVy4MINAwKY:2AaFiKXKPwk3bVy4MIKwKBZ5QjKss
Static task: static1
Behavioral task: behavioral1
- Sample: c11fd5e849339af078eb9ff7344b4d45f8d86e45a11285142ecfe28fbd01b243.xls
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: c11fd5e849339af078eb9ff7344b4d45f8d86e45a11285142ecfe28fbd01b243.xls
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.officeemailbackup.com
- Port: 587
- Username: [email protected]
- Password: )o!yHrsuTG#e
- Email To: [email protected]
Targets
- Target: c11fd5e849339af078eb9ff7344b4d45f8d86e45a11285142ecfe28fbd01b243
- Size: 336KB
- MD5: fc69aae977bd3c5a56d4acce831dbac2
- SHA1: fb86b1fca4340e6ac163aeb638acd83dff4f52f5
- SHA256: c11fd5e849339af078eb9ff7344b4d45f8d86e45a11285142ecfe28fbd01b243
- SHA512: ea24470a046528a8649e64658f49a85543820e807437eb0ff79a1e92232641f2b215b46fc7fa2b57f4074ea3b9e3be42463c23ae832dbcaf1319cb91cf5dc4c5
- SSDEEP: 6144:2EXaFJkKXiDU7wI4wdY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVy4MINAwKY:2AaFiKXKPwk3bVy4MIKwKBZ5QjKss
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext