Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: 01d1c1090c58d5d76577a3354a1bc81732f2a58ada4c86f935c71a676584d54c.exe
- Size: 2.4MB
- Sample: 241125-cgawhaxqhq
- MD5: 33c42601c5cc7ff28159c7c024dc60e6
- SHA1: 85fae67ade783ecae31a392235599b4ec7ab5b9b
- SHA256: 01d1c1090c58d5d76577a3354a1bc81732f2a58ada4c86f935c71a676584d54c
- SHA512: 4df9c9c508f59c94ed949eed319a9d9957de3707d82da18e85a9710470be312a69eb70567f582e75a9d94b28066be1640e01bd7ac68565eda6d02e718019265c
- SSDEEP: 49152:jKv5tHSZPcn/XLmFCoxnximwEsLknp7YpSa8+0y:GvfSZPcnTmvNwEWsp7r80
Static task
static1
Behavioral task
behavioral1
- Sample: 01d1c1090c58d5d76577a3354a1bc81732f2a58ada4c86f935c71a676584d54c.exe
- Resource: win7-20241010-en
Behavioral task
behavioral2
- Sample: 01d1c1090c58d5d76577a3354a1bc81732f2a58ada4c86f935c71a676584d54c.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: ftp
- Host: ftp://ftp.svetigeorgije.co.rs
- Port: 21
- Username: [email protected]
- Password: 4c5H&b2whkD9
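The extracted configuration is the most actionable part of this report: it names the FTP server the stealer uploads harvested data to. The following script is an added example, not part of the tria.ge report or of the Agent Tesla code; it parses the config text exactly as the report renders it, derives network indicators from it, and runs them over a few constructed connection-log lines (the hosts, timestamps and log format are assumptions for illustration). The username is rendered obfuscated on the page as "[email protected]" and is carried through as an opaque string rather than guessed.

```python
"""Added example (not part of the tria.ge report): turn the extracted AgentTesla
FTP config into hunting indicators and match them against connection logs.
The config string is copied from the report; the log lines are constructed.
"""
import re
from urllib.parse import urlparse

# Extracted config text as the report renders it (family: agenttesla).
# The username appears obfuscated on the page and is kept as-is, not guessed.
REPORT_CONFIG = (
    "Protocol: ftp - Host: ftp://ftp.svetigeorgije.co.rs - Port: 21 "
    "- Username: [email protected] - Password: 4c5H&b2whkD9"
)

# Constructed connection-log lines (key=value, one event per line); the client
# addresses, timestamps and the benign destination are hypothetical.
SAMPLE_LOG = """\
ts=2024-11-25T02:41:10Z src=10.0.0.15 dst=ftp.svetigeorgije.co.rs dport=21 proto=tcp
ts=2024-11-25T02:41:12Z src=10.0.0.15 dst=update.example.net dport=443 proto=tcp
ts=2024-11-25T02:42:03Z src=10.0.0.22 dst=FTP.svetigeorgije.co.rs dport=21 proto=tcp
ts=2024-11-25T02:42:05Z src=10.0.0.22 dst=ftp.svetigeorgije.co.rs dport=990 proto=tcp
"""


def parse_config(text):
    """Split 'Key: value - Key: value ...' into a dict with lower-cased keys.

    ' - ' is treated as a separator only when another 'Key:' token follows,
    so a password containing '-' or ':' does not break the split.
    """
    fields = {}
    for part in re.split(r"\s+-\s+(?=[A-Za-z]+:\s)", text):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    return fields


def indicators(cfg):
    """Derive hunting indicators: bare hostname, port and protocol."""
    host = cfg["host"]
    if "://" in host:                      # the report renders the host as a URL
        host = urlparse(host).hostname
    return {
        "protocol": cfg["protocol"].lower(),
        "host": host.lower(),
        "port": int(cfg.get("port", "21")),
    }


def find_exfil(log_text, ioc):
    """Return (src, dport) for every connection to the exfil host.

    Matching is on hostname only: the same server reached on another port
    (for example implicit FTPS on 990) is still worth a look, so the port is
    reported rather than used as a filter.
    """
    hits = []
    for line in log_text.splitlines():
        event = dict(token.split("=", 1) for token in line.split())
        if event.get("dst", "").lower() == ioc["host"]:
            hits.append((event["src"], int(event["dport"])))
    return hits


if __name__ == "__main__":
    ioc = indicators(parse_config(REPORT_CONFIG))
    print("IOC:", ioc)
    for src, dport in find_exfil(SAMPLE_LOG, ioc):
        note = "" if dport == ioc["port"] else "  (port differs from config)"
        print(f"{src} -> {ioc['host']}:{dport}{note}")
```

Firewall and proxy logs often record only the destination IP, so in practice the hostname should also be run against DNS query logs and the addresses it resolved to during the incident window; the FTP credentials themselves are useful for notifying the hosting provider of the abused account, not for matching traffic.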
Targets
- Target: 01d1c1090c58d5d76577a3354a1bc81732f2a58ada4c86f935c71a676584d54c.exe
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic.
- Agenttesla family
- Suspicious use of NtCreateUserProcessOtherParentProcess: a process was created with a parent other than the calling process, consistent with parent-PID spoofing.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles: reads stored Outlook profile settings, consistent with mail-credential harvesting.
- Suspicious use of SetThreadContext: overwrites another thread's register context, a step commonly seen in process hollowing and code injection.