General
Target: 5e367e602750bb9f6815450f43c4c36ae9734730835839ec85b9ef2b926f16ee
Size: 690KB
Sample: 240505-bkm5kada54
MD5: b482f2939a99aa59a86f1897ae6a259f
SHA1: a6785b567dcd1f65785cc26c4e7c5d58884b5e3f
SHA256: 5e367e602750bb9f6815450f43c4c36ae9734730835839ec85b9ef2b926f16ee
SHA512: a31a68e29f5ed846fc266ef4fa8b470af686ab7566c1854475685428f9a87995c479355106f554e075560f207c70bea1870133376f81c117d5d30d2ba1596c8c
SSDEEP: 12288:0YV6MorX7qzuC3QHO9FQVHPF51jgc++he0u2Y/ygAkcCMBM:zBXu9HGaVHRhe9ygjZ
Behavioral task
behavioral1
Sample: 5e367e602750bb9f6815450f43c4c36ae9734730835839ec85b9ef2b926f16ee.exe
Resource: win7-20231129-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: }7A;Adw^&~wE
Targets
Target: 5e367e602750bb9f6815450f43c4c36ae9734730835839ec85b9ef2b926f16ee
Size: 690KB
- AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT) written in Visual Basic .NET. The extracted config above shows this sample exfiltrating over FTP to ftp.fosna.net on port 21.
- Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
- AutoIT Executable
An AutoIt script compiled into a PE executable.
- Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of a (typically suspended) thread; it is commonly used to redirect that thread into injected code, as in process hollowing and thread hijacking.
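Hunting for this sample's network footprint, as an added example for this report (not tria.ge code): the script below scans connection and DNS log lines for the FTP exfiltration channel from the Malware Config section and for the external IP lookup flagged by the signature above. The FTP host and port are taken from the extracted config; the log line format, the sample log lines, and the list of IP-lookup services are assumptions made here, not data from the page.

```python
"""Hunt connection/DNS logs for the AgentTesla exfil channel and IP-lookup beacon.

Added example for this tria.ge report, not tria.ge code. EXFIL_HOST_URL and
EXFIL_PORT come from the extracted config; the log format, the constructed
sample lines and IP_LOOKUP_HOSTS are assumptions.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Indicators taken from the "Malware Config" section of the report.
EXFIL_HOST_URL = "ftp://ftp.fosna.net"
EXFIL_PORT = 21

# Assumed: external-IP lookup services that the "Looks up external IP address"
# signature typically fires on. The report does not name the service used.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}


@dataclass(frozen=True)
class Finding:
    line_no: int
    src: str
    reason: str


def host_from_url(url: str) -> str:
    """Return the bare lowercase hostname from a URL or bare host."""
    parsed = urlparse(url if "://" in url else "//" + url)
    return (parsed.hostname or "").lower()


def hunt(lines, exfil_url=EXFIL_HOST_URL, exfil_port=EXFIL_PORT,
         lookup_hosts=IP_LOOKUP_HOSTS):
    """Scan log lines and return a list of Findings.

    Assumed line format (constructed for this example):
      CONN <ts> <src_ip> <dst_host> <dst_port> <proto>
      DNS  <ts> <src_ip> <query_name>
    """
    exfil_host = host_from_url(exfil_url)
    findings = []
    for n, raw in enumerate(lines, 1):
        parts = raw.split()
        if not parts:
            continue
        kind = parts[0]
        if kind == "CONN" and len(parts) == 6:
            _, _ts, src, dst, port, proto = parts
            dst = dst.lower()
            if dst == exfil_host and port == str(exfil_port) and proto.lower() == "tcp":
                findings.append(Finding(n, src, f"FTP exfil to {dst}:{port}"))
            elif dst == exfil_host:
                # Any contact with the exfil host is worth a look, even off-port.
                findings.append(Finding(n, src, f"contact with exfil host {dst} on port {port}"))
            elif dst in lookup_hosts:
                findings.append(Finding(n, src, f"external IP lookup via {dst}"))
        elif kind == "DNS" and len(parts) == 4:
            _, _ts, src, qname = parts
            qname = qname.rstrip(".").lower()
            if qname == exfil_host:
                findings.append(Finding(n, src, f"DNS resolution of exfil host {qname}"))
            elif qname in lookup_hosts:
                findings.append(Finding(n, src, f"DNS resolution of IP-lookup host {qname}"))
    return findings


def hosts_with_exfil(lines):
    """Internal hosts that completed an FTP connection to the exfil server."""
    return {f.src for f in hunt(lines) if f.reason.startswith("FTP exfil")}


# Constructed sample log lines (not real traffic); line 5 is benign noise and
# line 6 exercises the off-port contact case.
SAMPLE_LOG = """\
DNS  2024-05-05T01:20:01Z 10.0.0.5 checkip.dyndns.org.
CONN 2024-05-05T01:20:02Z 10.0.0.5 checkip.dyndns.org 80 tcp
DNS  2024-05-05T01:20:05Z 10.0.0.5 ftp.fosna.net.
CONN 2024-05-05T01:20:06Z 10.0.0.5 ftp.fosna.net 21 tcp
CONN 2024-05-05T01:21:00Z 10.0.0.9 www.example.com 443 tcp
CONN 2024-05-05T01:21:30Z 10.0.0.9 ftp.fosna.net 443 tcp
""".splitlines()


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.src} {f.reason}")
    print("hosts with exfil:", sorted(hosts_with_exfil(SAMPLE_LOG)))
```

The DNS matches are what you would expect to see first in practice: the sample resolves the IP-lookup service and the FTP host before the connections appear, so a DNS-only data source still catches the infection even when the FTP session itself is not logged.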