General

  • Target

    9aced2be886174e3c7a6fa2f2bd0243f.exe

  • Size

    1.0MB

  • Sample

    220915-jlztraccf3

  • MD5

    9aced2be886174e3c7a6fa2f2bd0243f

  • SHA1

    fedaa06b74907d71b567ff098f4a97258dc73509

  • SHA256

    a6541f542aee46042906a0cddb1ef3e4fdf3cae69a37c8011bb0c4fce27d6693

  • SHA512

    851ee289659d794ed55d777d0653a1f69eb2b2c4f5bb01786ebce19754069a4c638240964c4d91dee1c1c1f7ab80e008a4eb46707881c2a698a3a6ab56c7ae7d

  • SSDEEP

    12288:NMmBV7uikFgsHSEJmITKusnjeFUwG8fyN9gshRzE1ln0zlhKZiFsa3:ZBlubgREJmIzsnjeeR8fP1lnURsI

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    YAWALESS123@@

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    %2B
  • Port:
    21
  • Username:
    application/x-www-form-urlencoded
  • Password:
    image/jpg

C2

p=

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6