Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    901bdc59c476cc6bb91e7bd3716436f972c176094c4479a8309e5560362192ec

  • Size

    1004KB

  • Sample

    230307-l36dzahe98

  • MD5

    569ef44d486d4161655af3633d73a5ae

  • SHA1

    8f280d6e650835cdfeb60d406a9b81fcaa0a0f33

  • SHA256

    901bdc59c476cc6bb91e7bd3716436f972c176094c4479a8309e5560362192ec

  • SHA512

    74d83f76cbfc112a2f4d3d6b9e102166959836b491e8f6a7d0f473743191ee872aa2fe0fea8b32306a17001ef7a107f1f5af0a660c048ad763d4f48f6c35d8fe

  • SSDEEP

    12288:dHX3FBVmNUfqBe4isYJCM6KV9ZGOY91hb1udYjUGUQ6MPRAhTymycFdNDWnL6:9zYNUfqBpWCiVv2931uCRPRgPyq

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#$

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      901bdc59c476cc6bb91e7bd3716436f972c176094c4479a8309e5560362192ec

    • Size

      1004KB

    • MD5

      569ef44d486d4161655af3633d73a5ae

    • SHA1

      8f280d6e650835cdfeb60d406a9b81fcaa0a0f33

    • SHA256

      901bdc59c476cc6bb91e7bd3716436f972c176094c4479a8309e5560362192ec

    • SHA512

      74d83f76cbfc112a2f4d3d6b9e102166959836b491e8f6a7d0f473743191ee872aa2fe0fea8b32306a17001ef7a107f1f5af0a660c048ad763d4f48f6c35d8fe

    • SSDEEP

      12288:dHX3FBVmNUfqBe4isYJCM6KV9ZGOY91hb1udYjUGUQ6MPRAhTymycFdNDWnL6:9zYNUfqBpWCiVv2931uCRPRgPyq

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks