Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Meidoh RFQ IND.2023.exe

  • Size

    332KB

  • Sample

    230213-hyrs8sba3w

  • MD5

    889ce644fc58e8493c76fdc886340bb9

  • SHA1

    11826787f0f2fcf9d2c959b9e992f1639b4938ba

  • SHA256

    08477ca70902dc2098c13b61d3661c0defe17a1e42195cdc6b1bdb7af2d98e2d

  • SHA512

    5c7331db00b0188e5db661061bf7d4bb426d51906e4193e3e6ff588089b335ab0f4c6aa2a8f02efc79b3b41405c2e44a2385f97d828cba481ad7f4474d6d2d34

  • SSDEEP

    6144:vYa6vOKlv2G7Pqj+tDlfhnQjbNKA/eYaLJMqTqoFZOR79j208j:vYtxlv28qjYDpn/XTJ27R8j

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Meidoh RFQ IND.2023.exe

    • Size

      332KB

    • MD5

      889ce644fc58e8493c76fdc886340bb9

    • SHA1

      11826787f0f2fcf9d2c959b9e992f1639b4938ba

    • SHA256

      08477ca70902dc2098c13b61d3661c0defe17a1e42195cdc6b1bdb7af2d98e2d

    • SHA512

      5c7331db00b0188e5db661061bf7d4bb426d51906e4193e3e6ff588089b335ab0f4c6aa2a8f02efc79b3b41405c2e44a2385f97d828cba481ad7f4474d6d2d34

    • SSDEEP

      6144:vYa6vOKlv2G7Pqj+tDlfhnQjbNKA/eYaLJMqTqoFZOR79j208j:vYtxlv28qjYDpn/XTJ27R8j

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks