Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9079ad27c74ba06204d72c6a182d7e389eb772c5bc80944d48a7afa2f1e1d00a
-
Size
737KB
-
Sample
240625-cdl5csxhlp
-
MD5
0d46d709a626c186dca1450cfffdf3cb
-
SHA1
69b7ee5476195292de09a124982c93c0cd147f54
-
SHA256
9079ad27c74ba06204d72c6a182d7e389eb772c5bc80944d48a7afa2f1e1d00a
-
SHA512
3c151656cdd1442c247fd965e16f684eba05dc8a867962216aa9eaa6c2f609a01c667bf8c8edce9b731171b071bd70b9acdbc7357fc282de0bee41daa11590a1
-
SSDEEP
12288:gYV6MorX7qzuC3QHO9FQVHPF51jgcCEpn2I0u4R78csiUdCdN4REFpYdc+DOqb:/BXu9HGaVHLn2zu4Rcr4d+RgpYa+DOqb
Behavioral task
behavioral1
Sample
9079ad27c74ba06204d72c6a182d7e389eb772c5bc80944d48a7afa2f1e1d00a.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
9079ad27c74ba06204d72c6a182d7e389eb772c5bc80944d48a7afa2f1e1d00a.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7062858527:AAEM0BoHdG7fMsfm9R9w93alfsoiCiWrMxM/
Targets
-
-
Target
9079ad27c74ba06204d72c6a182d7e389eb772c5bc80944d48a7afa2f1e1d00a
-
Size
737KB
-
MD5
0d46d709a626c186dca1450cfffdf3cb
-
SHA1
69b7ee5476195292de09a124982c93c0cd147f54
-
SHA256
9079ad27c74ba06204d72c6a182d7e389eb772c5bc80944d48a7afa2f1e1d00a
-
SHA512
3c151656cdd1442c247fd965e16f684eba05dc8a867962216aa9eaa6c2f609a01c667bf8c8edce9b731171b071bd70b9acdbc7357fc282de0bee41daa11590a1
-
SSDEEP
12288:gYV6MorX7qzuC3QHO9FQVHPF51jgcCEpn2I0u4R78csiUdCdN4REFpYdc+DOqb:/BXu9HGaVHLn2zu4Rcr4d+RgpYa+DOqb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-