General

  • Target: Inquiry 59901.img
  • Size: 1.2MB
  • Sample: 230207-pzqe5aeh5x
  • MD5: 56eadad40368d249cb844cd7d74ad087
  • SHA1: 68902eed64af273fd6b9b5bbc106beb2e097da10
  • SHA256: 7d78782be02addab22c18c6ff2acd356af2ae00764aa07cb6f5d6ccae8849954
  • SHA512: fb726b9430f385de711889fcd32785364efbfdf4018fec7ab0afd2ba0ba8151991d204fb7b32dc1ae3f8a565e334eab8b48d2c4d620422a5f83ccdca5db46c1e
  • SSDEEP: 12288:sY3Lnt2qGBe8vy1zUO15sW4FKoqxGPML:sY3bUq+DvGUO16L0S

Malware Config

Extracted

  • Family: agenttesla
  • Credentials
    • Protocol: smtp
    • Host: mail.bonsa.lt
    • Port: 587
    • Username: [email protected]
    • Password: 201Bon@21

Targets

    • Target: INQUIRY_.EXE
    • Size: 336KB
    • MD5: a2ab7106ec15430a26a4cc51b8652e90
    • SHA1: 568921c051e70728e3bda88be84229b39eb25101
    • SHA256: a4d3f3fee4515751a055d909feb13caa9b57b004451a7593cae493865b480e70
    • SHA512: a35d60cd0798142430f6d418d7f920850a05f881b38118cb586393510e29e6c14a14faca1f126c0db5e9646d21317b3368857bc68a672a966ad0040f9c14ca94
    • SSDEEP: 6144:yYa6xrR2TNg4m+y2qUJBBMVZ8vy1cK9tU1A15sW4FKo9wxGPM3F5v:yY3Lnt2qGBe8vy1zUO15sW4FKoqxGPMr

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
