General
Target: 25062024_1707_25062024_Boweitech-PO240624.docx
Size: 16KB
Sample: 240625-vnegdascqd
MD5: 96ab9ded82cab1f08da63925fbb04015
SHA1: f01510bfbb0aba940ccae884b5bd0c1a70e36ad1
SHA256: 7f5525e9f137916591a4648e61ef5b87399b0fa2821e580c848b3b41dbd37bd2
SHA512: 2a038dce0006e5adeb30c5797b145758b8bfcf0d2d624e24feb07b3985a6058613fda91fa86236799fdf3a8f5bcd0c9c673e83ae7318911318983b083f7d16a7
SSDEEP: 384:XyXXUm+Wns8PL8wi4OEwH8TIbE91r2fRxJYWvi/5Z4rs2:XcXmg5P3DOqnYJf3vu5Z4Z
Static task: static1
Behavioral task: behavioral1
Sample: 25062024_1707_25062024_Boweitech-PO240624.docx
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 25062024_1707_25062024_Boweitech-PO240624.docx
Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://mail.hearing-vision.com
Port: 21
Username: [email protected]
Password: LILKOOLL14!
Targets
Target: 25062024_1707_25062024_Boweitech-PO240624.docx
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext