General
Target: d8bc00a22800a98b9b9d64506366f35f27254fc4dd4e2d5f43f601a91975db1b
Size: 858KB
Sample: 240716-bdff5sxglj
MD5: 1c0e94075d35e0751f28d9051b783a47
SHA1: e3965ce4f88efaf02a6442ef2cf4c46a7dbd4fc7
SHA256: d8bc00a22800a98b9b9d64506366f35f27254fc4dd4e2d5f43f601a91975db1b
SHA512: a0603b79920fdaeb1925e0cfa559904c9215db6e5f9a5040a538c4538ea3407f37484ef5ac52c2cf05cfe376fe673855da8bc2708990f77683ac043cfa5d6bf1
SSDEEP: 24576:/EN973phvt8tmUdkw1xG8fFjGMaOnO+pwFL9N09PPR:/EN973PvEL2wHBODLcP5
Behavioral task
behavioral1
Sample: d8bc00a22800a98b9b9d64506366f35f27254fc4dd4e2d5f43f601a91975db1b.exe
Resource: win7-20240708-en
Malware Config
Targets
Target: d8bc00a22800a98b9b9d64506366f35f27254fc4dd4e2d5f43f601a91975db1b (858KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- AutoIT Executable
AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext