Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e-dekont-20230206.exe

  • Size

    679KB

  • Sample

    230207-vmwn9sga5x

  • MD5

    33a5f92deee382035467caff29a8d487

  • SHA1

    7e6daec4a2a4dde0f5148df4165fa8cebb7011e4

  • SHA256

    e3b4406836308220da7989e5d539486ee1b71b4cc25a822e056993ab44675666

  • SHA512

    c2c3a2ffc2719245166a561050a0c4d9ece584dea47997bb5db1cc30885e31e2a5af3cfbb27526835b10bdda71b572c307e8704a1ac53e9119cfe63c760f66af

  • SSDEEP

    12288:vjsouJ3dUctF0KHbYXj/oNmsNjMQWwBTMYvwgScpK3J+ZBJwsscBDZn0Vx1NdB:2NUc7TbEDoNtQQWwKYvJScg63scDnu

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1063267560818233445/Ga1uL1m9HE258QH4hqiVhVH5m98lA3rsO835awvMXcR1F31nnHHfghtrbDwRtJci1Osr

Targets

    • Target

      e-dekont-20230206.exe

    • Size

      679KB

    • MD5

      33a5f92deee382035467caff29a8d487

    • SHA1

      7e6daec4a2a4dde0f5148df4165fa8cebb7011e4

    • SHA256

      e3b4406836308220da7989e5d539486ee1b71b4cc25a822e056993ab44675666

    • SHA512

      c2c3a2ffc2719245166a561050a0c4d9ece584dea47997bb5db1cc30885e31e2a5af3cfbb27526835b10bdda71b572c307e8704a1ac53e9119cfe63c760f66af

    • SSDEEP

      12288:vjsouJ3dUctF0KHbYXj/oNmsNjMQWwBTMYvwgScpK3J+ZBJwsscBDZn0Vx1NdB:2NUc7TbEDoNtQQWwKYvJScg63scDnu

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks