General

  • Target

    SOA.exe

  • Size

    983KB

  • Sample

    221220-nyfc4ace8x

  • MD5

    52a02ffc98df1b44ae485864a16c8ebf

  • SHA1

    a40baedc4981469c683706d2b8e050f65f335af5

  • SHA256

    a911eece29f66eec1f6b672b3070052ad362361f969076c515140d52365266ea

  • SHA512

    54a2e887b8516756dc970acb55bee080156b3effffa2dadec795aa9bd85a7830ab06204b465ea203d8ab8c7ccd2089bdc949486ab37e8a3fe75506922c8ea860

  • SSDEEP

    24576:3BQNC4AAQ82rR1dr9nLjUBZWj0VrGDVUz+PmXkmtEz6:3BQqbr98vWj01GCz+eXBw

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    bG^VamX7@@

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks