General

  • Target

    1835DIR231029551-CRE001.exe

  • Size

    37KB

  • Sample

    230203-l9m6zaeb62

  • MD5

    3b28693a81f4b8e8bc34a5f3c163a11d

  • SHA1

    48e78c0bd2083959c284224107e83d8d7dbd4edd

  • SHA256

    597e90cad10af3bd4de583ac05b15e5697e0a57b7853fb4fca7fc8a0f7acc24d

  • SHA512

    22d9c4e46e76fcd80aca7d3e2a407498ef1116f5eea00b48454f5f3d295fe24621d1243b5659a6557a75c93d315b6ff80bda1729f3bbadec7c83986c6c90835f

  • SSDEEP

    768:ievZNsOyQ1TxGK+RDYRXsYgHa6t+S2Uqt5RYVMgE4O4v:vNsOv1T4K+RDKXS6++SHqtfYC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks