Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    PURCHASE ORDER JF&I Packaging.doc

  • Size

    1.6MB

  • Sample

    230207-rtm4xsfd4v

  • MD5

    34abb90224f8b4fd057e8fa8f5a3eb0b

  • SHA1

    8199cd6f8fba690059d7b8cac0627deba569d78b

  • SHA256

    172e6a908015dd956c606d2efa00ee8fe6ed43cd9000631dad346227e0ef5450

  • SHA512

    6606af8c45f342f9346820184fa0b920fd15d4e2475c90ddaedd60b67622d7ec7b9605ff5210dfd2eea3c068b6472d3bad43cff48f8821ae3533293aaf408305

  • SSDEEP

    24576:XqG17EWl3Eq+1pQ3v3qb29mxmF2KXT4tFswg9ogPMGwJ8aswWVeq8smDiZvMCong:t

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PURCHASE ORDER JF&I Packaging.doc

    • Size

      1.6MB

    • MD5

      34abb90224f8b4fd057e8fa8f5a3eb0b

    • SHA1

      8199cd6f8fba690059d7b8cac0627deba569d78b

    • SHA256

      172e6a908015dd956c606d2efa00ee8fe6ed43cd9000631dad346227e0ef5450

    • SHA512

      6606af8c45f342f9346820184fa0b920fd15d4e2475c90ddaedd60b67622d7ec7b9605ff5210dfd2eea3c068b6472d3bad43cff48f8821ae3533293aaf408305

    • SSDEEP

      24576:XqG17EWl3Eq+1pQ3v3qb29mxmF2KXT4tFswg9ogPMGwJ8aswWVeq8smDiZvMCong:t

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks