Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8f8f098f083c7482d086b2ec3d4c38298f5c65dfea1d8fcba72e886f9f1c1260
-
Size
778KB
-
Sample
240501-cbnkeafd33
-
MD5
44ca4ba6ef061881a792bb28632eab57
-
SHA1
b1c1f629c29f893336783f097c9148cc2588c1ec
-
SHA256
8f8f098f083c7482d086b2ec3d4c38298f5c65dfea1d8fcba72e886f9f1c1260
-
SHA512
5bdab5983b48edf0d9ac82ecbb415412fd42032732918b4978595a151e53a431dccb5aa8fedec75f3ac5827161cba2ae16c2a7c82b6f7d6e01e7a8cde2d1cd94
-
SSDEEP
12288:OCPAph2UQQWr9hWvdOcApi/+Jsil/HffwWFSFlSP/:OCPAz2tNSlOc5+Jsi/Hfj0lQ
Static task
static1
Behavioral task
behavioral1
Sample
8f8f098f083c7482d086b2ec3d4c38298f5c65dfea1d8fcba72e886f9f1c1260.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
8f8f098f083c7482d086b2ec3d4c38298f5c65dfea1d8fcba72e886f9f1c1260.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://beirutrest.com - Port:
21 - Username:
[email protected] - Password:
9yXQ39wz(uL+
Targets
-
-
Target
8f8f098f083c7482d086b2ec3d4c38298f5c65dfea1d8fcba72e886f9f1c1260
-
Size
778KB
-
MD5
44ca4ba6ef061881a792bb28632eab57
-
SHA1
b1c1f629c29f893336783f097c9148cc2588c1ec
-
SHA256
8f8f098f083c7482d086b2ec3d4c38298f5c65dfea1d8fcba72e886f9f1c1260
-
SHA512
5bdab5983b48edf0d9ac82ecbb415412fd42032732918b4978595a151e53a431dccb5aa8fedec75f3ac5827161cba2ae16c2a7c82b6f7d6e01e7a8cde2d1cd94
-
SSDEEP
12288:OCPAph2UQQWr9hWvdOcApi/+Jsil/HffwWFSFlSP/:OCPAz2tNSlOc5+Jsi/Hfj0lQ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-