General

  • Target

    tmp

  • Size

    697KB

  • Sample

    220914-b64dnshad9

  • MD5

    14e62ca81e378794b0eb078878c0b8be

  • SHA1

    5e2ca8e676b9d42322eaad207bcd0fcbd2c92170

  • SHA256

    9ef89e25f98605401317fd551f219e2b26e673f0956ce790c0e289d57ecf52bb

  • SHA512

    5f953a0a111950f76b1b1d16abca015eb5e6b1460ccfc0055a6cb720a5794b46884fad4c24922682c2c262db2a817c9b2c4dc5f8ca7b87129764c64218da63fe

  • SSDEEP

    12288:txhno0ICm0jzjetkW3ra0p5GBLGvGZT68d/P4hwHYj2krvJN:tfno0ICm0natkKGWGZTt4hw4/9N

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#$

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      tmp

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks