General

  • Target

    28de18cf90f5beb1eacb1250791b85f689ac9df67c85578f6d62adcb46fe35a1.zip

  • Size

    397KB

  • Sample

    230208-lx88nsaa89

  • MD5

    3501e3e621cf72f8bdf85322a9492141

  • SHA1

    d92661922a2c9b5a43c2cd663817a8282470c0c8

  • SHA256

    38145f2e83a343e639ad3b22c98ade7cf6383d01ce053be7cf8dd7b2b2d147d7

  • SHA512

    25d82d3bda05c39735140b3f96e8e28905941f89038687885c55a5205e5e46b9d4efce6ebe1bf4528f9e5e2db4fc10609e550a24b7c084e9cfe0870abadbecef

  • SSDEEP

    12288:C3fxQoWqCWuCCMW8Eq4NEf8IKD9iPCsNHb:sxPwqIE019YR

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      30% proforma invoice.pdf.exe

    • Size

      567KB

    • MD5

      75e1d17c8431d6b7d840fcdfe0dd9a2d

    • SHA1

      3a71b6a0b1e6bdfbe6b3ed9624f17f504072f068

    • SHA256

      efa920373efaa4bd26fb1704e6ea6cb05ed8e91b5e552db7ff2a7764ace07758

    • SHA512

      f6e9ed253e735bfd95392914d33eacd0c70057e1335b6f2564ba7d40455bec2249bb842042b866bf35c9364383ea8882adb20cd1d26f780e08dfb35d88bc9777

    • SSDEEP

      12288:9cBXiEZz7yDne7f4WYMTyPdLX2tuCAe/ZXazVt1Ek6ugpRZN7gNFSxCDH:uRJe7MTyPdLX2tuCAe/ZXazSkKacxC

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks