General
- Target: KANG SHUN 88 V.2315 PARTICULARS.docx.lzh
- Size: 627KB
- Sample: 240712-3hcdtsxgkf
- MD5: 7e4bfee5ce2a69050b4633f2171c3675
- SHA1: a5641819462c8ae45b35f0f574133652dc9b0462
- SHA256: 09ecd31bed05f781b2aaf53dca9a0bffdc1a14960ff7a492a9875fa7b9751b7f
- SHA512: 626df519ecba351b0a5d8d499bcd68d055ec668aa714ee52a9322c3f3cf874b71dedec4e9ffc906697da3eb3ac7e4429ca909fba43435411c364f439d143a2ca
- SSDEEP: 12288:aXECRrOAl6xrxvNgk5JrdYIbdxQrkVcuJL8ZzRs7KXKIbq/rm4:IEEOyk1vNV51TxQoVcK8ZWKXKIV4
Static task
- static1

Behavioral task
- behavioral1
- Sample: KANG SHUN 88 V.2315 PARTICULARS.docx.scr
- Resource: win7-20240704-en

Behavioral task
- behavioral2
- Sample: KANG SHUN 88 V.2315 PARTICULARS.docx.scr
- Resource: win10v2004-20240709-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://beirutrest.com
- Port: 21
- Username: [email protected]
- Password: 9yXQ39wz(uL+
Targets
- Target: KANG SHUN 88 V.2315 PARTICULARS.docx.scr
- Size: 671KB
- MD5: e45d4600131cf00689bb13af70c70c13
- SHA1: be3911f3272494411f2cb119eccfe5c444c09c61
- SHA256: fcb4c6602aeea8229338eab9ed2deb97c27e07601791ef19c7e43a830079e416
- SHA512: 783584018ee7904e06ede5944c21036928554b7894e32c005994b2adc37520fe8378c3f6b5711124966ab9a515fccb69c46e73702437d7ea1de17a904bbb986a
- SSDEEP: 12288:qAL5YVK+orvwYo9tHiIRi+ksmjELgWhuNFxcCkadXbbHzt08SnS2OHalFep9AH2:qg51+ZXHKYLgJxFk0XHT1+S2JlFepS2
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext