General

- Target: 92b8e93c694b111af7c04d32f857974122aa84c7e38931feff5ab3f41a73bd98
- Size: 4KB
- Sample: 240807-m19t2sxerr
- MD5: 4c977c551c3f7e6140c0b60025487f87
- SHA1: 049c3092461727c215cee78108f78815777b2edc
- SHA256: 92b8e93c694b111af7c04d32f857974122aa84c7e38931feff5ab3f41a73bd98
- SHA512: 537be9630a750171d9ecefcfe202d0dcb56e4b5c2e10595a2fd9f3fe015d9436aaf82ba990b84d2d0a07d45dacec0f6c6865e6724368517f5318c3d1b25c9c13
- SSDEEP: 96:vRUFkDqfJX7ZMOsFXzeNCCFFeazF/tP0Zh9uPDvDC3tOSB:++qfJX9MO2zeNCUFeYcZjurbSB
Static task: static1

Behavioral task: behavioral1
- Sample: SOA PAYMENT.vbe
- Resource: win7-20240729-en

Behavioral task: behavioral2
- Sample: SOA PAYMENT.vbe
- Resource: win10v2004-20240802-en
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: 162.254.34.31
- Port: 587
- Username: [email protected]
- Password: M992uew1mw6Z
- Email To: [email protected]
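The extracted config above is an SMTP exfiltration channel, which is what a defender can act on fastest. The following is an added example, not code from the tria.ge report or from AgentTesla: it parses the config block in the flattened layout the page uses, turns the host and port into a Suricata rule, and runs two checks over constructed Sysmon-style network-connection events. Only the protocol, host (162.254.34.31) and port (587) come from the report; the mailbox credentials are omitted, the events are made up, and the "Windows Script Host speaking SMTP" heuristic is an analyst assumption about how a .vbe dropper behaves, not something the report states.

```python
"""Detection artefacts from the AgentTesla SMTP config in this report.

Added example; not code from the tria.ge report or from AgentTesla.
Taken from the report: protocol smtp, host 162.254.34.31, port 587.
Assumed / constructed: the mailbox credentials are omitted, the Sysmon-style
events below are made up, and the "script host speaking SMTP" heuristic is
an analyst assumption about a .vbe dropper, not a statement from the report.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The extractor output as the report page lays it out (value on the line
# after its key, fields joined with " - "), with the credentials omitted.
TRIAGE_CONFIG_TEXT = """agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
<omitted> - Password:
<omitted> - Email To:
<omitted>"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # assumption: WSH runs the .vbe
SMTP_PORTS = {25, 465, 587}


@dataclass(frozen=True)
class SmtpC2:
    protocol: str
    host: str
    port: int


def parse_triage_config(text: str) -> SmtpC2:
    """Recover key/value pairs from the flattened 'Key: value - Key: value' layout."""
    flat = " ".join(line.strip() for line in text.splitlines())
    keys = "|".join(re.escape(k) for k in CONFIG_KEYS)
    # A value runs until the next known key (optionally preceded by '-') or end of text.
    pairs = re.findall(rf"({keys}):\s*(.*?)\s*(?=-?\s*(?:{keys}):|$)", flat)
    fields: Dict[str, str] = {k.lower(): v for k, v in pairs}
    return SmtpC2(protocol=fields["protocol"].lower(),
                  host=fields["host"],
                  port=int(fields["port"]))


def suricata_rule(c2: SmtpC2, sid: int) -> str:
    """Alert on any outbound TCP connection to the extracted C2 host:port.
    The sid is the caller's choice (assumption: a local rule range)."""
    return (f"alert tcp $HOME_NET any -> {c2.host} {c2.port} "
            f'(msg:"AgentTesla SMTP exfil to extracted C2 {c2.host}"; '
            f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)")


def classify(event: Dict[str, object], c2: SmtpC2) -> Optional[str]:
    """'ioc' for a connection to the extracted C2; 'heuristic' when a script
    host speaks SMTP to any destination; None otherwise.

    Caveat: the report also flags SetThreadContext, so the payload may run in
    another (hollowed) process; the heuristic only covers the case where the
    script host itself connects out."""
    if event["DestinationIp"] == c2.host and event["DestinationPort"] == c2.port:
        return "ioc"
    image = str(event["Image"]).rsplit("\\", 1)[-1].lower()
    if image in SCRIPT_HOSTS and event["DestinationPort"] in SMTP_PORTS:
        return "heuristic"
    return None


def scan(events, c2: SmtpC2) -> List[Tuple[str, str, int, str]]:
    """Return (image, dst_ip, dst_port, verdict) for every event that fires."""
    hits = []
    for e in events:
        verdict = classify(e, c2)
        if verdict:
            hits.append((str(e["Image"]), str(e["DestinationIp"]),
                         int(e["DestinationPort"]), verdict))
    return hits


# Constructed Sysmon Event ID 3 (network connection) records, not from the report.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wscript.exe", "DestinationIp": "162.254.34.31", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "DestinationIp": "203.0.113.25", "DestinationPort": 587},
    {"Image": r"C:\Windows\System32\cscript.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 465},
    {"Image": r"C:\Windows\System32\svchost.exe", "DestinationIp": "198.51.100.9", "DestinationPort": 443},
]

if __name__ == "__main__":
    c2 = parse_triage_config(TRIAGE_CONFIG_TEXT)
    print(suricata_rule(c2, sid=9000001))
    for hit in scan(SAMPLE_EVENTS, c2):
        print(hit)
```

Running it fires once on the exact C2 (wscript.exe to 162.254.34.31:587) and once on the heuristic (cscript.exe to an unrelated mail server); Outlook on 587 and svchost on 443 stay quiet. The IOC rule is the precise match for this sample; the heuristic is the one worth keeping after the C2 address rotates.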
Targets

- Target: SOA PAYMENT.vbe
- Size: 12KB
- MD5: fbd428b36af66d92efc3d5b745bd0027
- SHA1: 5861ff074403f6783fc2b7c75a9dbf0ce593c077
- SHA256: fee12dd38f4e7bddb43d88c548a49eca31bda69c74fe73eb65d04e53f00bf749
- SHA512: 3f586ee2b17c786e64e1b0244824ead9334b81d6284b38f59f2fcce02fea96650315b66077f01297248ddb9d23d76f2d6d7731ebb8d7b8f212e2e463642eebef
- SSDEEP: 192:vPcUXIssSUHci9rEi43NIr+MJXgu/ALk41LS8aF+OLLluK:sUXIsspep3NqJwuIo41vakOdT
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store (MITRE ATT&CK T1555.003).
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
  Commonly used, together with WriteProcessMemory and ResumeThread, to redirect a suspended thread into injected code (process hollowing).