General
Target: 8747e56c9e9e2503dc7664fde2a9be12186fc7696ab06a4e86c932f65f4f2a1d.exe
Size: 757KB
Sample: 240713-m6td9ayamj
MD5: 82327d9cf26cb8125ed650a63cd16fe4
SHA1: 7b117e9a75b039d67262e39b095721f292b93eef
SHA256: 8747e56c9e9e2503dc7664fde2a9be12186fc7696ab06a4e86c932f65f4f2a1d
SHA512: c627746521bec9fccebf7739cea6d63b85557abc149651e0c65df156d8a3b3db6e91026366fd3b672d23165f8ac6d8775867b7be9b4d6571ff29ef260dd6db4c
SSDEEP: 12288:kLsUBk7L7lPFPacXMza6afhu0N99WShm/ZebGA5QuNqztRr8K9nThtmm:msPZIcXMWfE0N9oSh+e3Wuc7QsThtR

Static task: static1
Behavioral task: behavioral1
Sample: 8747e56c9e9e2503dc7664fde2a9be12186fc7696ab06a4e86c932f65f4f2a1d.exe
Resource: win7-20240705-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: UTjMgxC7qqqqG5651@@
Email To: [email protected]
Targets
Target: 8747e56c9e9e2503dc7664fde2a9be12186fc7696ab06a4e86c932f65f4f2a1d.exe (size and hashes as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Suspicious use of SetThreadContext