Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: 2751cfc23b245638cab026862d10e575c537c13644696556274f7114c758840a
Size: 1KB
Sample: 250129-bt91pazkfk
MD5: 0a03773457f7513861c5afa028f5f5d1
SHA1: d4797df5db25241ea55e6c3926610b146dbb24c1
SHA256: 2751cfc23b245638cab026862d10e575c537c13644696556274f7114c758840a
SHA512: 44a33cf835fc3188c96f220054769b00d895f8e188b118534d6d78236a25f51862d94cfab9a0705abdb7ba8d8630f4739951d51c1b8c1e59d8ffbce78b025b8c
Static task: static1
Behavioral task: behavioral1
Sample: 2751cfc23b245638cab026862d10e575c537c13644696556274f7114c758840a.ps1
Resource: win7-20240708-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.siscop.com.co
Port: 21
Username: [email protected]
Password: +5s48Ia2&-(t
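The extracted configuration above, parsed into normalised IOCs and turned into Suricata rules, as an added example that is not Triage's own code and not part of this report. It assumes the input is the "Extracted" block exactly as this page renders it (field separators of " - ", with the username left as the page shows it), that the rule SIDs are arbitrary placeholders, and that Suricata 5+ keyword syntax (`dns.query`, `endswith`) is in use.

```python
"""Turn a Triage-style "Extracted" AgentTesla config block into normalised IOCs
and Suricata rules. Added example, not Triage's code; SIDs are placeholders."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed input: the extracted config as flattened on the report page. Triage
# writes "key: value - key: value"; the page breaks lines mid-field, so re-join first.
EXTRACTED_CONFIG = """agenttesla
Protocol: ftp- Host:
ftp://ftp.siscop.com.co - Port:
21 - Username:
[email protected] - Password:
+5s48Ia2&-(t
"""


@dataclass(frozen=True)
class C2Config:
    family: str
    protocol: str
    host: str       # bare hostname, URL scheme stripped
    port: int
    username: str
    password: str


def parse_extracted(text):
    """Parse the flattened config text into a C2Config."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    family, body = lines[0], " ".join(lines[1:])
    # "ftp- Host:" lost the space before its dash; restore the " - " separator.
    body = re.sub(r"(\S)-\s+(Host|Port|Username|Password):", r"\1 - \2:", body)
    fields = {}
    for chunk in body.split(" - "):
        key, _, value = chunk.partition(":")
        fields[key.strip().lower()] = value.strip()
    raw_host = fields["host"]
    host = urlparse(raw_host).hostname if "://" in raw_host else raw_host
    return C2Config(family, fields["protocol"].lower(), host,
                    int(fields["port"]), fields["username"], fields["password"])


def _content(s):
    """Escape the characters Suricata's content: keyword treats specially (; " \\ |)."""
    return re.sub(r'([;"\\|])', r"\\\1", s)


def suricata_rules(cfg, base_sid=1000001):
    """DNS rule for the C2 hostname, plus (for FTP configs) a rule on the FTP PASS
    command carrying the exfil credential. Assumes Suricata 5+ keyword syntax."""
    rules = [
        f'alert dns $HOME_NET any -> any any (msg:"{cfg.family} C2 DNS lookup {cfg.host}"; '
        f'dns.query; content:"{_content(cfg.host)}"; nocase; endswith; '
        f'classtype:trojan-activity; sid:{base_sid}; rev:1;)'
    ]
    if cfg.protocol == "ftp":
        rules.append(
            f'alert tcp $HOME_NET any -> $EXTERNAL_NET {cfg.port} '
            f'(msg:"{cfg.family} FTP exfil credential to {cfg.host}"; '
            f'flow:to_server,established; '
            f'content:"PASS {_content(cfg.password)}|0d 0a|"; '
            f'classtype:trojan-activity; sid:{base_sid + 1}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    cfg = parse_extracted(EXTRACTED_CONFIG)
    print(cfg)
    print("\n".join(suricata_rules(cfg)))
```

The FTP rule keys on the PASS command rather than USER because the username on this page is obfuscated; a credential in a rule is worth having here because AgentTesla sends it in cleartext on port 21 and the password is specific to this actor's drop account.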
Targets
Target: 2751cfc23b245638cab026862d10e575c537c13644696556274f7114c758840a
Size: 1KB
MD5: 0a03773457f7513861c5afa028f5f5d1
SHA1: d4797df5db25241ea55e6c3926610b146dbb24c1
SHA256: 2751cfc23b245638cab026862d10e575c537c13644696556274f7114c758840a
SHA512: 44a33cf835fc3188c96f220054769b00d895f8e188b118534d6d78236a25f51862d94cfab9a0705abdb7ba8d8630f4739951d51c1b8c1e59d8ffbce78b025b8c
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic; the config extracted from this sample exfiltrates over FTP.
- Agenttesla family
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: redirecting another thread's execution context is the step process hollowing uses to start an injected payload in a suspended process.
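Correlating this report's signatures with network telemetry, as an added example that is not Triage's code: it takes the C2 host and port from the extracted config, an assumed watchlist of public IP-lookup services (not from the report), and constructed Zeek-style DNS and connection records, then flags sources that resolved and connected to the C2 and whether an external-IP lookup preceded it, which is the sequence the "Looks up external IP address via web service" signature describes.

```python
"""Correlate constructed DNS/connection records against the AgentTesla C2 from
this report's extracted config. Added example, not Triage's code."""
from collections import defaultdict

C2_HOST, C2_PORT = "ftp.siscop.com.co", 21   # from the extracted config on this page
# Assumed watchlist of public IP-lookup services (not taken from the report).
IP_LOOKUP_SERVICES = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Constructed, Zeek-style key=value records in timestamp order.
SAMPLE_LOGS = [
    "ts=1 kind=dns src=10.0.0.15 query=api.ipify.org answer=104.26.12.205",
    "ts=2 kind=dns src=10.0.0.15 query=ftp.siscop.com.co answer=203.0.113.9",
    "ts=3 kind=conn uid=C1 src=10.0.0.15 dst=203.0.113.9 dport=21",
    "ts=4 kind=dns src=10.0.0.16 query=ftp.example.net answer=198.51.100.7",
    "ts=5 kind=conn uid=C2 src=10.0.0.16 dst=198.51.100.7 dport=21",
    "ts=6 kind=conn uid=C3 src=10.0.0.15 dst=203.0.113.9 dport=443",
]


def parse_record(line):
    """Split one 'k=v k=v' record into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())


def analyse(lines):
    """Return per-source findings: C2 name resolutions, connections to an IP the
    C2 name resolved to (on the configured port or another), and IP-lookup queries."""
    resolved = defaultdict(set)    # src -> IPs the C2 hostname resolved to for that src
    findings = defaultdict(list)   # src -> ordered finding tags
    for rec in map(parse_record, lines):
        src = rec["src"]
        if rec["kind"] == "dns":
            q = rec["query"].lower()
            if q == C2_HOST:
                resolved[src].add(rec["answer"])
                findings[src].append(f"dns:{q}")
            elif q in IP_LOOKUP_SERVICES:
                findings[src].append(f"iplookup:{q}")
        elif rec["kind"] == "conn" and rec["dst"] in resolved[src]:
            tag = "c2" if int(rec["dport"]) == C2_PORT else "c2-ip-other-port"
            findings[src].append(f"{tag}:{rec['uid']}")
    return dict(findings)


def triage(findings):
    """Rank each source. A C2 connection preceded by an external-IP lookup is the
    AgentTesla sequence this report shows; a lone resolution is still worth a look."""
    ranking = {}
    for src, tags in findings.items():
        kinds = [t.split(":", 1)[0] for t in tags]
        if "c2" in kinds:
            lookup_first = "iplookup" in kinds and kinds.index("iplookup") < kinds.index("c2")
            ranking[src] = "high" if lookup_first else "medium"
        elif "dns" in kinds or "c2-ip-other-port" in kinds:
            ranking[src] = "medium"
        else:
            ranking[src] = "info"
    return ranking


if __name__ == "__main__":
    found = analyse(SAMPLE_LOGS)
    for src, verdict in triage(found).items():
        print(src, verdict, found[src])
```

Matching connections by the IP the C2 name resolved to, per source, is what lets the check survive a change of server address; the host that talked to an unrelated FTP server on port 21 (10.0.0.16) produces no finding at all.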