Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e
-
Size
1.3MB
-
Sample
240713-bntrhsyhrq
-
MD5
17dd564d52077a9390e60eb9012d3508
-
SHA1
f999ba7c351d19339a6429937ff50debccc2c633
-
SHA256
3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e
-
SHA512
aa7392e578449fb74c39d93b4b475f7a4ecc40b9d85401d0e388098b94e2d726bb1309704239ac584aa5ecf9c50a21a95d7a7a2149aa045cf6662d309ac73624
-
SSDEEP
12288:ahHri/SWUqTXM+ZvZa1xVkuXvDLhY2DwTjjnwQ6N9t:aho761xzhwHVqD
Static task
static1
Behavioral task
behavioral1
Sample
3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.fasmacopy.gr - Port:
587 - Username:
[email protected] - Password:
Fam28sjd - Email To:
[email protected]
Targets
-
-
Target
3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e
-
Size
1.3MB
-
MD5
17dd564d52077a9390e60eb9012d3508
-
SHA1
f999ba7c351d19339a6429937ff50debccc2c633
-
SHA256
3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e
-
SHA512
aa7392e578449fb74c39d93b4b475f7a4ecc40b9d85401d0e388098b94e2d726bb1309704239ac584aa5ecf9c50a21a95d7a7a2149aa045cf6662d309ac73624
-
SSDEEP
12288:ahHri/SWUqTXM+ZvZa1xVkuXvDLhY2DwTjjnwQ6N9t:aho761xzhwHVqD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-