General
-
Target
SecuriteInfo.com.Trojan.AutoIt.1390.21633.8031.exe
-
Size
1.1MB
-
Sample
240530-st6rpsea92
-
MD5
349d723ecd0a2370dd03befb829bbfe2
-
SHA1
91035d07ec0a4f68cdf21a346f08a36c251cf553
-
SHA256
713d258a9f5522e345d7ecf7b82e2f69c8eaf53536ccb9d582e27d0d981861fb
-
SHA512
68e7fe24bae4a7e7e7272e37013e9d852d43a7d025bcec8354bca30ff7873f0ae5495cad39ad02fae8a43c9711ecdcddd871e12bd1d95c9d6874bb81f77bbdd1
-
SSDEEP
24576:bAHnh+eWsN3skA4RV1Hom2KXMmHam7t1SkxMEpXCm1cv7H5:2h+ZkldoPK8Yam7zS0npSmqvN
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.AutoIt.1390.21633.8031.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.AutoIt.1390.21633.8031.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5704903332:AAGQ75Wg6lHVUpPODprifDQYP0_98wUeols/
Targets
-
-
Target
SecuriteInfo.com.Trojan.AutoIt.1390.21633.8031.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-