General

  • Target

    e-dekont-20230206.exe

  • Size

    679KB

  • Sample

    230207-vmwn9sga5x

  • MD5

    33a5f92deee382035467caff29a8d487

  • SHA1

    7e6daec4a2a4dde0f5148df4165fa8cebb7011e4

  • SHA256

    e3b4406836308220da7989e5d539486ee1b71b4cc25a822e056993ab44675666

  • SHA512

    c2c3a2ffc2719245166a561050a0c4d9ece584dea47997bb5db1cc30885e31e2a5af3cfbb27526835b10bdda71b572c307e8704a1ac53e9119cfe63c760f66af

  • SSDEEP

    12288:vjsouJ3dUctF0KHbYXj/oNmsNjMQWwBTMYvwgScpK3J+ZBJwsscBDZn0Vx1NdB:2NUc7TbEDoNtQQWwKYvJScg63scDnu

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1063267560818233445/Ga1uL1m9HE258QH4hqiVhVH5m98lA3rsO835awvMXcR1F31nnHHfghtrbDwRtJci1Osr
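The extracted C2 above is a Discord webhook URL, which in Agent Tesla's case is the exfiltration endpoint. Because the sample is a .NET binary, its embedded strings (the #US metadata heap) are stored UTF-16LE and an ASCII-only `strings` pass will miss them. The following script is an added example, not tria.ge's extractor or the sample's code: it verifies a file's digests against the report, scans both ASCII and UTF-16LE string runs for Discord webhook URLs, and splits each hit into its snowflake id and token. The binary it scans by default is a constructed stand-in that embeds the reported webhook, not the real sample; the hashes are copied from the report.

```python
import hashlib
import re
import sys
from typing import Dict, Iterator, List, Tuple

# Digests as listed in the report for e-dekont-20230206.exe.
REPORT_HASHES = {
    "md5": "33a5f92deee382035467caff29a8d487",
    "sha1": "7e6daec4a2a4dde0f5148df4165fa8cebb7011e4",
    "sha256": "e3b4406836308220da7989e5d539486ee1b71b4cc25a822e056993ab44675666",
}

# The C2 extracted in the report, reused here as test data for the scanner.
WEBHOOK_FROM_REPORT = (
    "https://discord.com/api/webhooks/1063267560818233445/"
    "Ga1uL1m9HE258QH4hqiVhVH5m98lA3rsO835awvMXcR1F31nnHHfghtrbDwRtJci1Osr"
)

# Discord webhook URL: numeric snowflake id, then the secret token.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_\-]+)"
)


def extract_strings(data: bytes, min_len: int = 8) -> Iterator[Tuple[str, str]]:
    """Yield (encoding, text) for printable ASCII runs and for UTF-16LE runs.

    .NET keeps user strings UTF-16LE, so a stealer's config can be invisible to
    an ASCII-only strings pass; the UTF-16 scan works at byte level and does not
    care whether the run starts at an even offset.
    """
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield "ascii", m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield "utf-16le", m.group().decode("utf-16-le")


def find_discord_webhooks(data: bytes) -> List[Dict[str, str]]:
    """Return every distinct Discord webhook URL found in either string encoding."""
    hits: List[Dict[str, str]] = []
    seen = set()
    for encoding, text in extract_strings(data):
        for m in WEBHOOK_RE.finditer(text):
            if m.group(0) in seen:
                continue
            seen.add(m.group(0))
            hits.append({
                "url": m.group(0),
                "webhook_id": m.group(1),  # snowflake bound to one channel
                "token": m.group(2),       # secret: anyone holding it can POST to the channel
                "encoding": encoding,
            })
    return hits


def hash_matches_report(data: bytes) -> Dict[str, bool]:
    """Compare a file's digests with the report before trusting any analysis of it."""
    return {
        name: getattr(hashlib, name)(data).hexdigest() == expected
        for name, expected in REPORT_HASHES.items()
    }


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the real binary (not the sample itself): an MZ stub,
    an ASCII DOS-stub message, then the webhook stored UTF-16LE at an odd byte
    offset, the way a .NET user string sits in the file."""
    return (
        b"MZ" + b"\x00" * 62
        + b"This program cannot be run in DOS mode.\r\n"
        + b"\x00" * 17
        + WEBHOOK_FROM_REPORT.encode("utf-16-le")
        + b"\x00\x00" + b"trailing-data"
    )


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    print("hashes match report:", hash_matches_report(blob))
    for hit in find_discord_webhooks(blob):
        print(f"[{hit['encoding']}] webhook id={hit['webhook_id']} url={hit['url']}")
```

Run it with the path to a copy of the sample as the only argument; with no argument it scans the constructed blob. Treat any recovered URL as a credential: the token is all that is needed to post to (or delete) the webhook, so it belongs in a ticket for Discord abuse reporting, not in a chat message.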

Targets

    • Target

      e-dekont-20230206.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging, clipboard capture, theft of saved browser, mail and FTP client credentials). It sends the collected data out over SMTP, FTP or HTTP or, as in this sample, by posting it to a Discord webhook. The webhook URL above is therefore an exfiltration endpoint rather than an interactive C2, and because it embeds the webhook token it should be handled as a credential.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data in which account settings and stored credentials live, consistent with Agent Tesla's mail-client credential harvesting.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup service to learn the infected system's external IP, which Agent Tesla includes in the victim information it sends out. On its own this is low-signal, since plenty of benign software does the same; it is most useful as the first half of a lookup-then-exfiltrate sequence.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is the hallmark of process hollowing: start a process suspended, replace its memory with the payload, point the thread at the new entry point and resume it. Expect the network activity above to originate from the injected process rather than from a process named after the original file.
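The two network behaviours in this report, an external IP lookup followed shortly by a POST to a Discord webhook, are more useful together than apart. The detector below is an added example, not tria.ge's signature logic: it parses proxy log lines in a hypothetical format, raises a low-severity alert for each IP-lookup request, a medium one for each webhook POST, and a high one when both come from the same client within a short window. The set of IP-lookup hostnames is an assumption (the report names no service); the log lines are constructed, with only the webhook URL taken from the report. Correlation is keyed on the client rather than the process name, because after the SetThreadContext injection noted above the traffic may not come from a process named after the sample.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List
from urllib.parse import urlparse

# Assumed set of public IP-lookup services; the report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com",
    "ipinfo.io", "checkip.amazonaws.com", "ifconfig.me", "showmyipaddress.com",
}

WEBHOOK_RE = re.compile(
    r"^https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d{17,20}/[A-Za-z0-9_\-]+"
)

# Constructed proxy log, hypothetical format:
# "<ISO 8601 UTC> <client> <process> <method> <url> <status>"
SAMPLE_LOG = """\
2023-02-07T09:12:01Z ws-017 chrome.exe GET https://www.microsoft.com/ 200
2023-02-07T09:12:44Z ws-017 e-dekont-20230206.exe GET http://api.ipify.org/ 200
2023-02-07T09:12:47Z ws-017 e-dekont-20230206.exe POST https://discord.com/api/webhooks/1063267560818233445/Ga1uL1m9HE258QH4hqiVhVH5m98lA3rsO835awvMXcR1F31nnHHfghtrbDwRtJci1Osr 204
2023-02-07T09:15:03Z ws-042 slack.exe GET https://ipinfo.io/json 200
"""


def parse_log(text: str) -> List[Dict]:
    """Turn the constructed log format into event dicts with a parsed timestamp and hostname."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, process, method, url, status = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "client": client, "process": process, "method": method,
            "url": url, "host": (urlparse(url).hostname or "").lower(),
            "status": int(status),
        })
    return events


def is_ip_lookup(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def detect(events: List[Dict], window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Emit alerts for IP lookups (low), webhook POSTs (medium) and the
    lookup-then-POST sequence from one client inside `window` (high)."""
    alerts: List[Dict] = []
    last_lookup: Dict[str, datetime] = {}  # client -> time of its most recent IP lookup
    for ev in sorted(events, key=lambda e: e["ts"]):
        base = {"client": ev["client"], "process": ev["process"], "ts": ev["ts"].isoformat()}
        if is_ip_lookup(ev["host"]):
            last_lookup[ev["client"]] = ev["ts"]
            alerts.append({**base, "rule": "external_ip_lookup", "severity": "low"})
        elif ev["method"] == "POST" and WEBHOOK_RE.match(ev["url"]):
            alerts.append({**base, "rule": "discord_webhook_post", "severity": "medium"})
            seen = last_lookup.get(ev["client"])
            if seen is not None and ev["ts"] - seen <= window:
                alerts.append({**base, "rule": "ip_lookup_then_discord_webhook", "severity": "high"})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_log(SAMPLE_LOG)):
        print(f"{a['severity']:<6} {a['client']} {a['process']} {a['rule']}")
```

In the constructed log only ws-017 reaches the high-severity sequence; ws-042's lookup from a chat client stays a low-severity note, which is the noise level this rule should live at on its own. Tune `window` and the hostname set from your own telemetry before deploying.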
