General

  • Target

    2e4042a6c1b326b71ed7f15a2b030e430c1d2c70ec065505caa8dda0b4e5a12e

  • Size

    874KB

  • Sample

    221216-cs2tcsgg4w

  • MD5

    c0b0583ddcbe2652432832a401371cb9

  • SHA1

    cf8e8c41449a101d40d0de1de3f7978ebee70165

  • SHA256

    2e4042a6c1b326b71ed7f15a2b030e430c1d2c70ec065505caa8dda0b4e5a12e

  • SHA512

    6db7202bcc5e6d3f6f2c2c7c8d00011f62a7c8a7a74a7821db4def90fd7bd3df3338a434809821f8ee99497b65f2ddcc0b82afdb3a194a01c880a133f719b3c9

  • SSDEEP

    12288:lLv+IkE6J93yBQ2u89bFgpyUIzMnS9ZFzRAmlvUy3le:w9J9sT2SbFZNb1e

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.eveningdresses.gr
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    KypHjRNtZ[?4

Targets

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk, which infostealers often target.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials.

  • Accesses Microsoft Outlook profiles

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP address.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks