Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    82c72d1f6afd188285e2510da83364af2a686ffa

  • Size

    817KB

  • Sample

    230203-xrzb3ahf38

  • MD5

    49c85634a86ddc630bf63c9a9f20b216

  • SHA1

    82c72d1f6afd188285e2510da83364af2a686ffa

  • SHA256

    23b733b80abf2a3de431fdc75ec1ce480c4352a92c97d5dba57a3a45cb1030fe

  • SHA512

    2082a7dc9a6f73200ed8b4f5d46b6f32b3292b67cb16f2116c5b122922e80fab548f85d0fef2009a6a38fa6341f725267308a3ef10951165cde8cf9059acb1e9

  • SSDEEP

    24576:kxeSqG4yPaKppo5TNrSOsez3ImX86F0xM:kaTS9ez4mXxWi

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      82c72d1f6afd188285e2510da83364af2a686ffa

    • Size

      817KB

    • MD5

      49c85634a86ddc630bf63c9a9f20b216

    • SHA1

      82c72d1f6afd188285e2510da83364af2a686ffa

    • SHA256

      23b733b80abf2a3de431fdc75ec1ce480c4352a92c97d5dba57a3a45cb1030fe

    • SHA512

      2082a7dc9a6f73200ed8b4f5d46b6f32b3292b67cb16f2116c5b122922e80fab548f85d0fef2009a6a38fa6341f725267308a3ef10951165cde8cf9059acb1e9

    • SSDEEP

      24576:kxeSqG4yPaKppo5TNrSOsez3ImX86F0xM:kaTS9ez4mXxWi

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks