General
- Target: 1fc8f86a0d5763a5c105ca8fc821ae693d36be2d5aa39f676a1c37fdfe1c2ccb
- Size: 832KB
- Sample: 240617-bps7da1hpn
- MD5: 853b3bdb5b229602674916aba4acf397
- SHA1: ff67bdeb85a9bd552818c092bb7187547a420338
- SHA256: 1fc8f86a0d5763a5c105ca8fc821ae693d36be2d5aa39f676a1c37fdfe1c2ccb
- SHA512: 3f3ba08e66cad50a96c58d11bcafb9d9647cdb12536ab58ebd962e05d05c8119f862f0550724947714e4d54828d905d02d4ded21ece9536d7f084b089d63be70
- SSDEEP: 12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcP7ZF968JT4/UXuWJeYAijFd6Ll:hBXu9HGaVHTZq/UdJ9z6Ll
Behavioral task behavioral1
- Sample: 1fc8f86a0d5763a5c105ca8fc821ae693d36be2d5aa39f676a1c37fdfe1c2ccb.exe
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: 1fc8f86a0d5763a5c105ca8fc821ae693d36be2d5aa39f676a1c37fdfe1c2ccb.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Telegram Bot API URL (the bot token in the path is the credential the malware uses to send stolen data): https://api.telegram.org/bot7288956701:AAGI8Yq8sI6l1S7vYfYKq0jwMldTgmIxjiE/
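The extracted configuration above is the sample's Telegram Bot API endpoint, and the bot token embedded in the path is the actionable indicator. The Python below is an added example, not code from tria.ge or from this report: it parses that URL, checks the token against the shape Telegram bot tokens have (a numeric bot id, a colon, then 35 URL-safe characters), rejects anything that is not a well-formed api.telegram.org bot URL, and produces a defanged and a token-redacted form for sharing. The URL is the one on the page; the token-format rule and the remark that Agent Tesla appends a method such as sendDocument to this base are general knowledge about Telegram and the family, not something the report states.

```python
import re
from urllib.parse import urlsplit

# Endpoint as extracted from the sample by the sandbox (taken from the report).
EXTRACTED_C2 = "https://api.telegram.org/bot7288956701:AAGI8Yq8sI6l1S7vYfYKq0jwMldTgmIxjiE/"

# Telegram bot tokens are "<numeric bot id>:<35 URL-safe characters>".
TOKEN_RE = re.compile(r"^(\d+):([A-Za-z0-9_-]{35})$")


def parse_telegram_c2(url: str) -> dict:
    """Break a Telegram Bot API URL into host, bot id, token and optional method.

    Raises ValueError for anything that is not https://api.telegram.org/bot<token>/...,
    so a mis-extracted or garbled config is rejected instead of becoming an IOC.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        raise ValueError(f"not a Telegram Bot API URL: {url!r}")
    segments = [s for s in parts.path.split("/") if s]
    if not segments or not segments[0].startswith("bot"):
        raise ValueError("path does not start with /bot<token>")
    token = segments[0][len("bot"):]
    m = TOKEN_RE.match(token)
    if m is None:
        raise ValueError("token does not have Telegram's <id>:<35 chars> shape")
    return {
        "host": parts.hostname,
        "bot_id": m.group(1),
        "token": token,
        # The malware appends the API method (typically sendDocument; an
        # assumption about the variant, not shown in the report) at run time,
        # so an extracted base URL normally carries no method.
        "method": segments[1] if len(segments) > 1 else None,
    }


def redact_token(token: str, keep: int = 4) -> str:
    """Keep the bot id and the first few secret chars; mask the rest for reports."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:keep]}{'*' * (len(secret) - keep)}"


def defang(url: str) -> str:
    """Make the URL non-clickable (hxxps, [.]) before pasting it into a report."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace(".", "[.]"))


def ioc_record(url: str) -> dict:
    """Shareable IOC: defanged URL, bot id in the clear, token redacted."""
    info = parse_telegram_c2(url)
    return {
        "defanged_url": defang(url),
        "bot_id": info["bot_id"],
        "token_redacted": redact_token(info["token"]),
    }


if __name__ == "__main__":
    for key, value in ioc_record(EXTRACTED_C2).items():
        print(f"{key}: {value}")
```

Two caveats when handling a token like this: anyone holding it can call the Bot API as that bot (which is also why the full token should only circulate redacted), and querying api.telegram.org with it from an attributable network tells the operator the sample has been analysed. Abuse reports to Telegram, which can revoke the bot, are the safer route.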
Targets
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer.
- Adds Run key to start application: persistence through a Run registry key so the payload is launched again at logon.
- Looks up external IP address via web service: uses a legitimate IP lookup service to learn the infected system's external IP address.
- AutoIT Executable: an AutoIt script compiled into a PE executable.
- Suspicious use of SetThreadContext: calling SetThreadContext on a thread of another process is a common step in process hollowing and similar injection, where the entry point of a suspended process is redirected to injected code.
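Two of the signatures above, "AutoIT Executable" and "Adds Run key to start application", translate directly into checks an analyst can run against the file and against sandbox or Sysmon registry telemetry. The Python below is an added example, not tria.ge's detection logic: a static check for the "AU3!EA06" marker that AutoIt3's compiler places in front of the script it embeds in the executables it produces, and a classifier for registry TargetObject paths that land under a Run or RunOnce autostart key. The PE bytes and the Sysmon-style registry events are constructed for the example and are not taken from this sample.

```python
import re

# Header tag AutoIt3 writes in front of the compiled script embedded in its
# output executables; its presence is a quick static triage check.
AUTOIT_MARKER = b"AU3!EA06"


def is_autoit_compiled(data: bytes) -> bool:
    """Static check: a PE (MZ header) that carries the AutoIt3 compiled-script marker."""
    return data.startswith(b"MZ") and AUTOIT_MARKER in data


# Autostart locations written by "Run key" persistence, in the path form Sysmon
# Event ID 13 reports as TargetObject: HKLM or a per-user hive (HKU\<SID> or HKCU),
# optionally the 32-bit Wow6432Node view, and both Run and RunOnce. A value name
# must follow the key, since it is the value write that installs the payload.
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\S-1-5-[\d-]+)\\Software\\(Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE,
)


def is_run_key_persistence(target_object: str) -> bool:
    """True when a registry path is a value under a Run/RunOnce autostart key."""
    return RUN_KEY_RE.match(target_object) is not None


def find_persistence(events):
    """TargetObject paths of value-set events that hit a Run/RunOnce key."""
    return [
        e["TargetObject"]
        for e in events
        if e.get("EventType") == "SetValue" and is_run_key_persistence(e["TargetObject"])
    ]


# Constructed sample data (not from the report): a fake PE with the AutoIt marker
# in its overlay, a plain PE without it, and Sysmon-style registry events.
FAKE_AUTOIT_PE = (b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 200
                  + AUTOIT_MARKER + b"\x01" * 40)
FAKE_PLAIN_PE = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 240

SAMPLE_EVENTS = [
    {"EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate"},
    {"EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Setup"},
    # Explorer's RunMRU history key is not an autostart location; must not match.
    {"EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a"},
    # Creating the Run key itself (no value) is not yet persistence.
    {"EventType": "CreateKey",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]


if __name__ == "__main__":
    print("AutoIt compiled:", is_autoit_compiled(FAKE_AUTOIT_PE))
    for path in find_persistence(SAMPLE_EVENTS):
        print("Run-key persistence:", path)
```

The marker check is deliberately crude: a packed or encrypted AutoIt stub will hide the tag until it is unpacked in memory, so a negative result rules nothing out, while a positive one is a strong hint that the interesting logic is in the embedded script rather than in the PE code.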