General

  • Target

    AWB NO. 1456977583.exe

  • Size

    944KB

  • Sample

    230207-vajtyacf92

  • MD5

    67ebc475e9308c4813ba1d3f5a447ab1

  • SHA1

    3cfb41dcb765b37dfa1dfb887fd4577db2d5f037

  • SHA256

    31c4050dc647c5bd89feca0aa84d283add7e27e5a3f64866096aebca7b4f862d

  • SHA512

    48146b6d84d4ea976c2fec7d9d5c492df9b80ae81cffe7e9f3d6bd6de7b9a336d26350c03c8ec8a0533ec3fb118cc28ac3d2df5a9d1593080c9d1d05f9cb842c

  • SSDEEP

    24576:vp1LYGDkjwJsoGlWL+1zzELVYQOpRVeBlni/mW8aSn43:vp5Y5UsoGl++JELVYfpRAB1S8b

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/

Targets

    • Target

      AWB NO. 1456977583.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks