General
- Target: d51eeb953fe93e273aa16f5ef22619fb_JaffaCakes118
- Size: 569KB
- Sample: 240908-1dfvcayepd
- MD5: d51eeb953fe93e273aa16f5ef22619fb
- SHA1: db06a2c7b81a149dbf4e1bb7e14384c9db7cf4db
- SHA256: 9d5d5220565e4ff60c4a08dcaa73f074ae75a92dc7158faea742d79ba9efdf1d
- SHA512: 6092ac213f6ca44334ff1ff52233355f5c5d593d4e50fdb7646edcb3d0654885f5e7191fbe977640d4f48adc29e7ec76265db18bdf9d57cab7c19286d2fb0c06
- SSDEEP: 12288:sg3sGebKqNOGk9uzWmPyfYXnMYDMkcTZby7Oc3ZnjPVPUStRlvY:sqsGebKql3MS0ZCd8
Static task: static1
Behavioral task: behavioral1
- Sample: New Order.exe
- Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.fakly-cambodia.com
- Port: 587
- Username: [email protected]
- Password: Mmhh#2014
Targets
- Target: New Order.exe
- Size: 1.0MB
- MD5: da2b28ff7945825e56de25f06cdeae07
- SHA1: 6039230ca4a9844b94f894f0411d2fc2049dd3ea
- SHA256: 213d438ca097826c2ef69d2fa9210cc760825f4be66460ab90bd31452e47c79a
- SHA512: 21244ff4127b19f3f0aa873a4f2eb4dbfb9082c1e6bdfce843582aeb4a34063776d6e0ff0e3d67a7bf898f7fbac0648b7491f5e12f26aa138286e3926878c1ba
- SSDEEP: 12288:CgTgwI1Ih2uPkWPC1YbHMYVMCcZvbyROa/6DOKFHm:MwIeFTMMMvml6rFH
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext