General
Target: 57724fb6ed72763c87c56abab1acaf92.bin
Size: 207KB
Sample: 240516-c72rxaha82
MD5: 367ad54ee8da4ea9811940a18db2117a
SHA1: cae8ba22006d193c3a39a3699bb414bc066570ef
SHA256: e065b159b6204e982f96d2633ee450f52ef2adcda327656545eeb3160b4233e3
SHA512: 56d3247125154666359e23a59a38b3452b8c60a2584cbc28f0e7ede9e4055ffccdbd37a72c56c4c58207e1dfb0d4cc7fdcf00dbfc699fee582500b24a2e325a0
SSDEEP: 6144:vG2icGbM/5QNcMyvV77PS9wrAyilSnBjnF2GeEqw0gr6ki53:7V5BRU9S3eEqw0gro53
Static task: static1
Behavioral task: behavioral1
  Sample: New Order n. 4533452041, date 14.05.2024.hta
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: New Order n. 4533452041, date 14.05.2024.hta
  Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bunturaja.co.id
Port: 587
Username: [email protected]
Password: !@#$%,.Jakarta
Email To: [email protected]
Targets
Target: New Order n. 4533452041, date 14.05.2024.hta
Size: 424KB
MD5: 41bfa760446594a9ad5d9cb19b9f80ca
SHA1: 02ee45b860e1488cb3570d460dbba1e6eae6a226
SHA256: 041f367ef3d1d7391917341bb6da3089f2534751a6dc10a8de23cf5196ae6a2d
SHA512: edc7d012d7ba64dee5461e2bd95e072bbec38852ae8d3a449a707f74136d1c8693c359e8bfc6a53b54900897f646fb87a3d7ac2054ff672ed352f30fd1332c5e
SSDEEP: 6144:7+4t1fXGwzkAitPzmeI9OQYypkHkSVdtxQ+5iYgbAL0WMhw19+z0yhtHn9eq/+41:7JJv0ayfOb64MRycngoavbN0vBrbRMn
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext