General
- Target: 5ff69cbeb98494c2e5c226821b9805b11aeb8d371824cfcf8b4be92df1e3a8a2
- Size: 707KB
- Sample: 240508-cjp37sfe77
- MD5: 11679b88588b80decdeac0f8dc569ebe
- SHA1: 895a0f50ea00fb43817f3b1c8a943e62599dd501
- SHA256: 5ff69cbeb98494c2e5c226821b9805b11aeb8d371824cfcf8b4be92df1e3a8a2
- SHA512: d8a84f9c5b958e874ce1bfd1e1ffea7450aa84f362ded05478b6cb4f985bdd92f3ef2f97955f4f5fc67b529e1b9f4ea0b34bc1fb55cae720248b31a15bdb92f1
- SSDEEP: 12288:KaVPK4t9RM+n6rGOGFcOVW/bwK25N8hB+w070XJea2NlGAjkPFpm43vpLC:5tNzRM+cGwsTg+w/XQxNNjKeWvc
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASEORDER.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: PURCHASEORDER.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: N@DRpoY0
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: N@DRpoY0
Targets
- Target: PURCHASEORDER.exe
- Size: 749KB
- MD5: 21cd854f5ad91b98b213a53f6177faa6
- SHA1: 27e776be127313a4111a426cbe1d983407e2213e
- SHA256: af23f48f9e361a3e5a1cc849a5e9fc3a48408f7948390e5c2e25ac4d41ddfe2b
- SHA512: c0351507ed3e29e2d69b8dec0095af5ebf3d46ebe0d8406380c3d0abfcd9c5fd4918018a069580bbc2184488e69904b01a1c7580a9626eebe1d21ab40665c8f0
- SSDEEP: 12288:hhc2iNT/SH6mGoGFcWVW/rwI25xBqNNEOl4FUn7sbBOiGOTvwgecW1YU:hS1cHDGU8VRqNN91EOiGOTvlw1Y
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext