General
Target: 24c232d17099375d0f51101a78cec4cb977a5e61d74e4b432686f7e26abb4f38
Size: 743KB
Sample: 240706-btsfmsthlh
MD5: 3a57e34cebfb03d78dd5f9db380c6773
SHA1: a276a3238d9e8947fef824035a37eae0869958f6
SHA256: 24c232d17099375d0f51101a78cec4cb977a5e61d74e4b432686f7e26abb4f38
SHA512: 9eb154531ca535bc38af31ef4ca8365d4f7635cb25f53faa5c5f839c54e7f4a662ea1583f93c60c01c79bbf2b3b0c336365a1fecd1def526224e92f49a05bf7a
SSDEEP: 12288:gZDhGVX7TrqQgv8j0oaXFeYUn3vQg3NUW3GPKuG+LD7Td2/lTd:QGVX7TrZgv8jyex3xNUW3GyK7El
Static task: static1
Behavioral task: behavioral1
Sample: 24c232d17099375d0f51101a78cec4cb977a5e61d74e4b432686f7e26abb4f38.exe
Resource: win7-20240704-en
Malware Config
Extracted (agenttesla)
  Protocol: ftp
  Host: ftp://ftp.libreriagandhi.cl
  Port: 21
  Username: [email protected]
  Password: x6p2^m#1#~+O
Extracted
  Protocol: ftp
  Host: ftp.libreriagandhi.cl
  Port: 21
  Username: [email protected]
  Password: x6p2^m#1#~+O
Targets
Target: 24c232d17099375d0f51101a78cec4cb977a5e61d74e4b432686f7e26abb4f38
Size: 743KB
MD5: 3a57e34cebfb03d78dd5f9db380c6773
SHA1: a276a3238d9e8947fef824035a37eae0869958f6
SHA256: 24c232d17099375d0f51101a78cec4cb977a5e61d74e4b432686f7e26abb4f38
SHA512: 9eb154531ca535bc38af31ef4ca8365d4f7635cb25f53faa5c5f839c54e7f4a662ea1583f93c60c01c79bbf2b3b0c336365a1fecd1def526224e92f49a05bf7a
SSDEEP: 12288:gZDhGVX7TrqQgv8j0oaXFeYUn3vQg3NUW3GPKuG+LD7Td2/lTd:QGVX7TrZgv8jyex3xNUW3GyK7El
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext