General

  • Target

    68Kp5nmURb71iQp.exe

  • Size

    575KB

  • Sample

    221017-kwh5esbdcm

  • MD5

    dbcafe45f06421e025fdd3367effe582

  • SHA1

    e671d4cef56da8b9c5813b60bc9ec4bf9d3cea4a

  • SHA256

    c17be8e772c880d5909d7b6eeeeb9c2f20fead98a67826598c56e00c6e3bdcd5

  • SHA512

    a81a95725fbc86517ab42f5fb92f8b0da9d847aa4901c0eabaa9f3432723f8c3791f1b0f2ed839a32975eefd715c4f21c3f9559387caa3f233cfc34037367b2d

  • SSDEEP

    12288:iNVw6FnoCM2qTzHcdfSFUEOA/99TZE8D8ITDBMszcXCJ:kqhvHckFU/WE8oI

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    host12.registrar-servers.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    paymentsuccessful@2022

Targets

    • Target

      68Kp5nmURb71iQp.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks