General
- Target: MalwareBazaar.0
- Size: 714KB
- Sample: 240722-m4ccystfmf
- MD5: 3f7c84c76dfaea941ef90605c1cd21ba
- SHA1: 992ece1862127ed2ca5ca313238919c329498d24
- SHA256: fb37e9bdbfbb7d761432783f5a1c9da901542426bb386bb611c9ac5f2b8ad8fc
- SHA512: 6d4697e38e5e8ef4aa2f04ed5edd827da9ef20b4b1afa54570fa39187da93f9e947b02f7475ec334e56777f837650d6ba9093af07e55d96e81b6d068dc41d1e4
- SSDEEP: 12288:yfpWOhxz036s1YPTzJonZtC1bqqAv6vbTwjHsX8f+FIDAM839:yj9036skJWCtqqAowHG5Ft9
Static task: static1
Behavioral task: behavioral1
- Sample: MalwareBazaar.exe
- Resource: win7-20240708-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
Targets
- Target: MalwareBazaar.0
- Size: 714KB
- Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext