General

  • Target

    b24f91678b1ea52dfb9b6b2ed16cb5ad6cf9dea8b62788ebf07013473be26469.zip

  • Size

    721KB

  • Sample

    230308-mf75qaeh7y

  • MD5

    6bd7be7946bc85720c40e8a9f174f0de

  • SHA1

    251ed23a0a852d8fb5be3f9784b180a1bc73b166

  • SHA256

    ffaaea95eb209c78be33b54c3f7a8fde11636a68622e9c941817e1fb95356b77

  • SHA512

    f20b075fe0fffab773a4e2f2fe1f517a2455b5c2473223c71fba9f4f213e84c665259190baaf4bcde37ec1ba5644b793e27ebf4d3d21e73b684cffdacecce9af

  • SSDEEP

    12288:x8cNng2w+u2fc01EwmlXsKvyQ6XCT1C2ccdMY5HcQrxq1HTshkyLu8kW:xTNng2c4cjXTlYCY25MY58aq1HwtuLW

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Pagamento,jpeg.exe

    • Size

      866KB

    • MD5

      b2365f9bf7c265399ea9b8509b66e9f4

    • SHA1

      8e0908c7655d5e82edef84667063eee0208a47e3

    • SHA256

      4bc2eb04a6c26b53567b75b2b1a7269ba31b13d69234dbd16d029f6265656061

    • SHA512

      f0d804cb6a7647fcbf5da4e380033ec9697d26cf26c85c3edfc5feafc3c3f5e8399b3c4a570ebf51ea432f2a322320b3be5b919d357c291f620c19790845e07a

    • SSDEEP

      12288:HTa/5u62iNVd0cPnlpDcbz6cyyxVv7Vbl9d74iYwLStOc2b4HV9Tx4uJvYpG:za/5u61Xd0Glp6xndUiYwLStOc2mVBl

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks