Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1d1de8443e616245656e3b49e106bcac6b3cca618fb5340183933b3270cf6494
-
Size
755KB
-
Sample
240705-bw4xfsygrn
-
MD5
f13177d6100c5c01be56800428587c9e
-
SHA1
3ac9b202448d3c5d159a379f8d2c27986d724d5d
-
SHA256
1d1de8443e616245656e3b49e106bcac6b3cca618fb5340183933b3270cf6494
-
SHA512
8b26c709fb3693cc861a627b3ed1dc840a416fc557fd843b937322a1ba4724c39de904d9aa48114eee79c4d33f0212f387938e82294bac34fb2476992a824a93
-
SSDEEP
12288:F205ofC1Pc4lwZloHT9XUHButkkbWFfHF2P1j/rO0Eg8qG9YMdA/3cwbzUh9L:FH1cXoHRYUkkbAfl2P1PBxpImFbzE9L
Static task
static1
Behavioral task
behavioral1
Sample
1d1de8443e616245656e3b49e106bcac6b3cca618fb5340183933b3270cf6494.exe
Resource
win7-20240419-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7121198832:AAHWmvzY7jDQqG8pk3uwnutesjvQDyHyYTs/
Targets
-
-
Target
1d1de8443e616245656e3b49e106bcac6b3cca618fb5340183933b3270cf6494
-
Size
755KB
-
MD5
f13177d6100c5c01be56800428587c9e
-
SHA1
3ac9b202448d3c5d159a379f8d2c27986d724d5d
-
SHA256
1d1de8443e616245656e3b49e106bcac6b3cca618fb5340183933b3270cf6494
-
SHA512
8b26c709fb3693cc861a627b3ed1dc840a416fc557fd843b937322a1ba4724c39de904d9aa48114eee79c4d33f0212f387938e82294bac34fb2476992a824a93
-
SSDEEP
12288:F205ofC1Pc4lwZloHT9XUHButkkbWFfHF2P1j/rO0Eg8qG9YMdA/3cwbzUh9L:FH1cXoHRYUkkbAfl2P1PBxpImFbzE9L
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-