General

  • Target

    6713a526ffb1f9608dfb3769e696aff9908b0fc018447639c94c71f46dfe7ebe

  • Size

    512KB

  • Sample

    221008-f99gbaebe6

  • MD5

    32acba7de5b9787e4e4b90b9b66b4918

  • SHA1

    206479b671e649c26c2e25dfafe3d7a8662407d5

  • SHA256

    6713a526ffb1f9608dfb3769e696aff9908b0fc018447639c94c71f46dfe7ebe

  • SHA512

    20eb9460c6d46e5e3f6e8e0de98ed7dc301b7a72428ddcc05587b3fa250d82fad53a20a265367c340d7ae4a73d3007055afa0218f1c1622bc8867eda0f3ca1f3

  • SSDEEP

    12288:oNSAlgqypGV/e/G7Gi2GrQJQx9Lnc+TU6yNViy:oNnlgqy0V/e41UJM9LncR6yNYy

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Golddigger147

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks