Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2cd5dbd4dc815734edf7be4cb6b68ae0_JaffaCakes118
-
Size
497KB
-
Sample
240708-sss48avgkp
-
MD5
2cd5dbd4dc815734edf7be4cb6b68ae0
-
SHA1
f26bb84555eb01073294e0c9b9a9659e377ca695
-
SHA256
65cf63b950f32653a891754d6b52686a4de351a3aeb1324907d3b7c4cc7282f7
-
SHA512
bb26b6f181aa686692f0e34b28fab46e62dba20d00d28dc9395497498d0a826dc4ea1e70103b4aa86702085c3f2a6fceeee6943f87aca73e990c756a7e9be544
-
SSDEEP
12288:f3QT+2UNiASP5Q+M635lH4cVEuhc1Jupj6Y+MuzqLWUrqNQS2B1S:LNiASxQMjH4cVVNpj6Y+7zXRr2B1S
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER.exe
Resource
win7-20240708-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.fakly-cambodia.com - Port:
587 - Username:
[email protected] - Password:
Mmhh#2014
Targets
-
-
Target
NEW ORDER.exe
-
Size
740KB
-
MD5
161eb73b1e04a20bad1b9f47716abe8d
-
SHA1
0fc916438fb79d83b1232a9c6913a599ffa5c641
-
SHA256
5ae71498e3b1d2707c84bcd6f43566b8834f310dccafd64ef81e54cbe7ac4b01
-
SHA512
1b27317105bf51911ad5e355bea51278dbf49d72365171eba914bfd612a40839490d073be4bd9974a9d51330c869b8aa18b88c860e19869249a533df18498d50
-
SSDEEP
12288:ADX3jNNQniCpB5A+W6nRHDWcVYuhi1xaDjuY+wuzaLWUrm9Osd:ADnjNNwrAU5DWcVZPDjuY+fznjH
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-