Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b82e673efd6472e2ddb1dd3f03e96314_JaffaCakes118
-
Size
1.2MB
-
Sample
240822-szzwcavbrd
-
MD5
b82e673efd6472e2ddb1dd3f03e96314
-
SHA1
398d9545bc0416d7437f8f89489f99e9eb9394a9
-
SHA256
fc6d5dbcbfcc99e88122cf7321bfc682637f756d6bd18356d9e1c3b2ff6a0db9
-
SHA512
a55de2e079b235fb1f563183bc1a2e804020419807a9dba3894bc6ac48ccb62282bbf559e2d5496a15ed08afaef0d8cb181df09986520b74e3b4dfbf29beec8e
-
SSDEEP
6144:cAa3oTMCoO/lGqRmMZZlUeTQovmYWaq0UFyzInILgdchnIITHJ7lMRicE7E/DxPC:yAMCQA5ZZfTQa3UU5LgqnHx4/BhlAeF
Static task
static1
Behavioral task
behavioral1
Sample
PO#A91642-MRKU6307240.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
PO#A91642-MRKU6307240.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
Everest10
Targets
-
-
Target
PO#A91642-MRKU6307240.exe
-
Size
465KB
-
MD5
f8b4f79a32c46e5b6959196be8e7aeea
-
SHA1
4d82774d359a2082c7114471116bd06f2422b2dd
-
SHA256
0541ad0262b771da064ddc3b939902047b6716ad73a175052874a3ff370cc4db
-
SHA512
06759793492b0667b33eb3e31e2c3a3997766a2abc27c32f1fb8819f0a3f67df4ee9570d2a8d291b074fb767479a67aa3c3a538942d68fdce49a51e953ea9cea
-
SSDEEP
6144:WAa3oTMCoO/lGqRmMZZlUeTQovmYWaq0UFyzInILgdchnIITHJ7lMRicE7E/DxPC:EAMCQA5ZZfTQa3UU5LgqnHx4/BhlAeF
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-