Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
113e56cc0bb3dca13bf13c0e47a25b102b4f8e7af8b156fc7e6fcd76ba40c8ff.exe
-
Size
779KB
-
Sample
240605-r5hnksaa3w
-
MD5
c3245f5ed1ef3b1fa4065c8cb4cd27c8
-
SHA1
f3bfaf829add69d1c39a5045fba5faa02b345f20
-
SHA256
113e56cc0bb3dca13bf13c0e47a25b102b4f8e7af8b156fc7e6fcd76ba40c8ff
-
SHA512
6a9760e20b5114c56cd31cba377f9fa54812dab6e4e90f533a214b88a519e89c85a84249e02458b7a060635f755833f006134d064b828b73fc3cd36dd228d818
-
SSDEEP
12288:GQt+5v4c5nvCRzsgfZ+E40r9RqTBtF3Q0XsKNr+u9Y6vdjTOM5H0dG1qqQ24FPzn:0BtF3Q0XLCuy6vpfOeH1eCrXW
Static task
static1
Behavioral task
behavioral1
Sample
113e56cc0bb3dca13bf13c0e47a25b102b4f8e7af8b156fc7e6fcd76ba40c8ff.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
113e56cc0bb3dca13bf13c0e47a25b102b4f8e7af8b156fc7e6fcd76ba40c8ff.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.springandsummer.lk - Port:
587 - Username:
[email protected] - Password:
anu##323 - Email To:
[email protected]
Targets
-
-
Target
113e56cc0bb3dca13bf13c0e47a25b102b4f8e7af8b156fc7e6fcd76ba40c8ff.exe
-
Size
779KB
-
MD5
c3245f5ed1ef3b1fa4065c8cb4cd27c8
-
SHA1
f3bfaf829add69d1c39a5045fba5faa02b345f20
-
SHA256
113e56cc0bb3dca13bf13c0e47a25b102b4f8e7af8b156fc7e6fcd76ba40c8ff
-
SHA512
6a9760e20b5114c56cd31cba377f9fa54812dab6e4e90f533a214b88a519e89c85a84249e02458b7a060635f755833f006134d064b828b73fc3cd36dd228d818
-
SSDEEP
12288:GQt+5v4c5nvCRzsgfZ+E40r9RqTBtF3Q0XsKNr+u9Y6vdjTOM5H0dG1qqQ24FPzn:0BtF3Q0XLCuy6vpfOeH1eCrXW
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-