Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9b781f4e9bbd1433c696257ec61de538c7d605921fd71bc92733abc28ba95b53
-
Size
726KB
-
Sample
240802-b7hhlataqe
-
MD5
8afd510bacdd19a51f06c69209ee54c4
-
SHA1
c85a198a09f62d7ed303ad3d9d14e29ce89f66e4
-
SHA256
9b781f4e9bbd1433c696257ec61de538c7d605921fd71bc92733abc28ba95b53
-
SHA512
d0242a2b54bc8f79e65aba59e0c0a27852c64423cc97a7741386fdada30ba190df3d1c90822e170351cba8e0407d32e12474cf4a139a70d5743c5884e4ffe09b
-
SSDEEP
12288:flRd9Ps/rbtcjJXRX+bQSjnqTfqf/KCboygiEsmRp48A6bbJSbQoZ486VBjl+d/B:jqcjJXRObQS2S6WPFVyFSpKnBU+NcKA
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER PURCHASE.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
NEW ORDER PURCHASE.exe
Resource
win10v2004-20240730-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
phoenixblowers.com - Port:
587 - Username:
[email protected] - Password:
Officeback@2022# - Email To:
[email protected]
Targets
-
-
Target
NEW ORDER PURCHASE.pif
-
Size
760KB
-
MD5
cde7970091a0b3fd19f7f8f3a855b583
-
SHA1
6c55f16de86b9dc9052c5e2fe2d94ce6d7e79e9e
-
SHA256
8f58aa2f3549e2b9449f530eb6bf91bb4b0be997b97c65245aeb99baa55fdfb9
-
SHA512
19bd3514fdf5d0ff6b47268795bd13c03401d6adb74553e578b7bf40b1c5219ebb7fd40c9f587ff8cf1f3a1f7d834ac5cb006c66d0374badc7d897033625cdeb
-
SSDEEP
12288:zU3929BC4rqhpfVIbQMjRq/3ml/bCoygRFg+48MMOI/bxqbyoZ48oLBbl+d/WDwt:zU89BNuhEbQM62UPjZU/lqjY1ZUW8t
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-