
General

  • Target

    Credit Note.pdf.exe

  • Size

    567KB

  • Sample

    230208-kv19lshc7z

  • MD5

    75e1d17c8431d6b7d840fcdfe0dd9a2d

  • SHA1

    3a71b6a0b1e6bdfbe6b3ed9624f17f504072f068

  • SHA256

    efa920373efaa4bd26fb1704e6ea6cb05ed8e91b5e552db7ff2a7764ace07758

  • SHA512

    f6e9ed253e735bfd95392914d33eacd0c70057e1335b6f2564ba7d40455bec2249bb842042b866bf35c9364383ea8882adb20cd1d26f780e08dfb35d88bc9777

  • SSDEEP

    12288:9cBXiEZz7yDne7f4WYMTyPdLX2tuCAe/ZXazVt1Ek6ugpRZN7gNFSxCDH:uRJe7MTyPdLX2tuCAe/ZXazSkKacxC
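To use the indicators above on a suspect file, the check a responder actually runs is: hash the candidate once with every algorithm the report lists, compare against the report, and separately flag the double-extension lure in the filename ("Credit Note.pdf.exe" shows as "Credit Note.pdf" when Explorer hides known extensions). The script below is an added example, not Triage's code; the hash values are copied from this report, the SSDEEP indicator is omitted because the standard library has no ssdeep, and the extension lists and the empty-file test input are constructed for illustration.

```python
"""Hash a candidate file and match it against the Triage indicators for
230208-kv19lshc7z; also flag the double-extension lure in the file name.
Added example; indicator values copied from the report, everything else
(extension lists, sample input) is constructed."""
import hashlib
import sys
from pathlib import PurePath

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Indicators copied verbatim from the report (SSDEEP needs a third-party
# library and is left out here).
REPORT_IOCS = {
    "md5": "75e1d17c8431d6b7d840fcdfe0dd9a2d",
    "sha1": "3a71b6a0b1e6bdfbe6b3ed9624f17f504072f068",
    "sha256": "efa920373efaa4bd26fb1704e6ea6cb05ed8e91b5e552db7ff2a7764ace07758",
    "sha512": "f6e9ed253e735bfd95392914d33eacd0c70057e1335b6f2564ba7d40455bec22"
              "49bb842042b866bf35c9364383ea8882adb20cd1d26f780e08dfb35d88bc9777",
}

# Constructed lists: outer extension Windows will execute, inner extension the
# lure wants the user to believe the file is.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory buffer for all four algorithms."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers in a single read pass."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def matches_report(digests: dict) -> list:
    """Algorithms whose digest equals the report's indicator (empty = no match)."""
    return [a for a, v in digests.items() if REPORT_IOCS.get(a) == v.lower()]


def is_double_extension_lure(filename: str) -> bool:
    """True for names like 'Credit Note.pdf.exe': a document-looking inner
    extension in front of an executable outer extension."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DOCUMENT_EXTS)


if __name__ == "__main__":
    # Usage: python ioc_check.py <path-to-candidate-file>
    target = sys.argv[1]
    digests = hash_file(target)
    for algo in ALGOS:
        print(f"{algo:7} {digests[algo]}")
    print("matches report:", matches_report(digests) or "none")
    print("double-extension lure:", is_double_extension_lure(PurePath(target).name))
```

The file is read once and fed to all four hashers together, so a multi-gigabyte candidate costs one pass rather than four. A match on any single algorithm is conclusive for this sample; a mismatch on all of them says only that this exact file is not the one Triage analysed, not that it is clean, which is why the filename check is kept separate.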

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Credit Note.pdf.exe

    • Size

      567KB

    • MD5

      75e1d17c8431d6b7d840fcdfe0dd9a2d

    • SHA1

      3a71b6a0b1e6bdfbe6b3ed9624f17f504072f068

    • SHA256

      efa920373efaa4bd26fb1704e6ea6cb05ed8e91b5e552db7ff2a7764ace07758

    • SHA512

      f6e9ed253e735bfd95392914d33eacd0c70057e1335b6f2564ba7d40455bec2249bb842042b866bf35c9364383ea8882adb20cd1d26f780e08dfb35d88bc9777

    • SSDEEP

      12288:9cBXiEZz7yDne7f4WYMTyPdLX2tuCAe/ZXazVt1Ek6ugpRZN7gNFSxCDH:uRJe7MTyPdLX2tuCAe/ZXazSkKacxC

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, written in Visual Basic .NET.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofencing check to avoid running in certain regions.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
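Of the behaviours listed above, the Run-key write is the one that leaves a clean host-telemetry trail: Sysmon Event ID 13 (RegistryEvent, value set) records the writing process, the key and the value. The detector below is an added example, not Triage's code or a Triage signature; the Sysmon records it runs over are constructed for illustration and follow the Event ID 13 field names (Image, TargetObject, Details). It flags any Run/RunOnce value and raises the severity when the autostart target, or the process writing it, lives in a user-writable directory, which is the pattern a dropper like this one produces.

```python
"""Flag Run/RunOnce persistence in Sysmon Event ID 13 records.
Added example; the event records are constructed, not taken from the report."""
import re

# HKCU/HKLM autostart keys behind the "Adds Run key to start application" signature.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)
# Directories an unprivileged user can write to; legitimate software rarely
# autostarts from them, droppers almost always do. Constructed list.
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\(Roaming|Local)\\|\\Users\\Public\\|\\Temp\\|\\Downloads\\",
    re.IGNORECASE,
)

# Constructed Sysmon Event ID 13 records (not from the Triage report).
SAMPLE_EVENTS = [
    {   # dropper registering its copy under the user's Run key
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\victim\Downloads\Credit Note.pdf.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update",
        "Details": r"C:\Users\victim\AppData\Roaming\Update\update.exe",
    },
    {   # installer registering a tray app from Program Files: benign-looking
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
        "Details": r"C:\Program Files\Vendor\tray.exe",
    },
    {   # unrelated registry write, must not fire
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
]


def score_event(ev: dict) -> tuple:
    """Return (severity, reasons): 0 = ignore, 1 = review, 2 = alert."""
    if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return 0, []
    reasons = ["autostart Run/RunOnce value written"]
    severity = 1
    if USER_WRITABLE_RE.search(ev.get("Details", "")):
        reasons.append("autostart target lives in a user-writable directory")
        severity = 2
    if USER_WRITABLE_RE.search(ev.get("Image", "")):
        reasons.append("writing process runs from a user-writable directory")
        severity = 2
    return severity, reasons


def detect(events) -> list:
    """(TargetObject, severity, reasons) for every event that scores above 0."""
    hits = []
    for ev in events:
        severity, reasons = score_event(ev)
        if severity:
            hits.append((ev["TargetObject"], severity, reasons))
    return hits


if __name__ == "__main__":
    for key, severity, reasons in detect(SAMPLE_EVENTS):
        print(f"[sev {severity}] {key}")
        for r in reasons:
            print(f"    - {r}")
```

This catches the persistence step only. The Outlook-profile access the report lists is a registry read, which Sysmon does not log, and SetThreadContext shows up (if at all) as process-injection telemetry rather than a registry event, so those behaviours need other data sources.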

MITRE ATT&CK Enterprise v6

Tasks