General

  • Target

    dpetmw.iso

  • Size

    1.8MB

  • Sample

    221020-v2cvpsfcfm

  • MD5

    ed25cc0eca6c94f2dbf6787682f44c96

  • SHA1

    2c204a23fd6f23ad22b10c0b70f90e988cd4903a

  • SHA256

    c0944f847ff90ba9cf6ddb5cc5dfd895dca2d763123385677ff4ff3445a2549d

  • SHA512

    c15a95f278415402d3066455b97f9e50c715a5b9b13a343dec58c674214a8d9df94ca1bdd38804e8c0ab9af71e9ed9dbce0ab395767e0cf1f7b574e45cad1240

  • SSDEEP

    24576:xAOcZT+NxxX3ENpR8SlcRDC14DS8BaCZ73QqQ5SOb2eYz:rRQYSlcNNS8BBbJNz

Targets

    • Target

      IMG17613.EXE

    • Size

      1.2MB

    • MD5

      bcd50df1014ab4d7c735c6e5347c3a1e

    • SHA1

      8e77d53b6388116cafcf49d3b2777ca1dcfe0d1a

    • SHA256

      2e64e9db47d38ba509cdd4ca9b9ca2a589c9834ac2bde1d8a6e4ea89bbc47fa6

    • SHA512

      04194528a02dd65810500977b1326c33bb57d716f72b78c128ff865223271a4543d0ef4d69fd2c3b3a8e8195391d2374c81ddf517d55b76e790d49aab10cdaed

    • SSDEEP

      24576:pAOcZT+NxxX3ENpR8SlcRDC14DS8BaCZ73QqQ5SOb2eYzf:DRQYSlcNNS8BBbJNzf

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
