General
- Target: b8d6ff46309ca17651ebe70e1b648b5266b1285b132d1e6894a589c0f852c583.jar
- Size: 137KB
- Sample: 240510-kqj5jadd8w
- MD5: f369579943b1b2eb99f181bfd1ec9ee1
- SHA1: 8542615dc9549a829fd4083c4d92008b61611ed3
- SHA256: b8d6ff46309ca17651ebe70e1b648b5266b1285b132d1e6894a589c0f852c583
- SHA512: f179f636582f1a9afef6c3328d7b430b51572429c655c96a6c642b4e5b5dcf59f089a97c2f6e7a630433d1620cde78781aa09c66eda28ea38f5a1d03021508ba
- SSDEEP: 3072:9iwxL5G6715nxCz9e0/A2n1MzfbBMYy1+j93JyOc0kp4/AbUw4/p:LxFG67TxC9/ASiDScJy4qbUw0
Static task: static1
Behavioral task: behavioral1
- Sample: ORDER_INQUIRY_PDF.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: ORDER_INQUIRY_PDF.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6921829812:AAEnJSJNfX1IyXT3BfHBFaRrW9XkEjVZMFs/
Targets
- Target: ORDER_INQUIRY_PDF.exe
- Size: 236KB
- MD5: 83e8748124bf874c784ce28d0dcd33f6
- SHA1: 72006aa1d15993cdaa5790f49acbfea0da3ed726
- SHA256: c11bc6cda3987c89debad64d01c2e8d425d809e45db19c46d826f944891c1efe
- SHA512: d6ccc82440201f96903e274959c78dbd44f95681294d1a55426063eb2f14fc17c5301171a7b401e5e2e44d19a6cc366372e2275c358832eed52f3aafd0058085
- SSDEEP: 6144:4du7zrlg25KFpMXp58+DDqFnvhydhcoKQ:frowXDDQ
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext