General

  • Target

    SecuriteInfo.com.Trojan.Inject4.6572.15229.26543.exe

  • Size

    961KB

  • Sample

    221122-p6cgvagg61

  • MD5

    37ec92d6d742fadd1d398d92153bcf70

  • SHA1

    e80d54c9b7bc5ea5dd717122a380ac62f631e532

  • SHA256

    7b2c22135a593218b38f180ac6147283ef45f35965caacec43cfb4db3aead0c8

  • SHA512

    2cf907a39b1f3aab74a5ce96f0c26839fd38c9edb476910baa66d42d48155a36a510eb7fe7c2193409eaf18f2b30411b56267700efe0fccb7132be625813ca3d

  • SSDEEP

    12288:GqSSSgsEoLpvkoYyBLeNATTO56Cfp9PyUZvkOjkTwA6j9MvFnJh8uyrTSJeAzO4q:cbEwxfiNATqvx9P9WO1GvFJn+TyI48

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5303328165:AAF7HxnjN67EBIegVs-MwZqBsR_i0699CXE/

Targets

    • Target

      SecuriteInfo.com.Trojan.Inject4.6572.15229.26543.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
