General
- Target: 72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9
- Size: 872KB
- Sample: 240625-cs245ayfrk
- MD5: 278bfeb8f64cfcc51cccff93488e291a
- SHA1: 325411b1d8332d4f7caeafbb010860bd65a97c0e
- SHA256: 72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9
- SHA512: 6d460ea4e539a074c844b01b89647a85c646413b4fb386510874627001310a9a51d1c20969db094d28156086ba4927308d9c3c250e9e5869879f9854b6abf93e
- SSDEEP: 24576:mCTipRko9TNTGuugxbFcEyJFAGV1YLj+TOQDL:mCwkoFN/xdy/ALv+NL
Static task: static1
Behavioral task: behavioral1
- Sample: 72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9.exe
- Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.iaa-airferight.com
- Port: 587
- Username: [email protected]
- Password: Asaprocky11
- Email To: [email protected]
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext