
General

  • Target

    6hDkZtFd2S.exe

  • Size

    1.1MB

  • Sample

    230313-qmsv6ace8z

  • MD5

    21377e758f4ee739965642b393f13fe8

  • SHA1

    edbfaed7cac6642cce909d18f8ee07aec722d874

  • SHA256

    1068cb29f89d81ad0348c72c63a90588f35b9a520e57764daeed44dc22192c1a

  • SHA512

    39f55734563fdbae2600f53bf07a68c450e76668517b25332d4f7672fc7e0409514cba19fe9fa2f01a140fb8973a95467b64e5e4b3d05400efdc8bf64a363d67

  • SSDEEP

    12288:3bq7bcal64fG2Ms7cfl9/C8JAP2f3wBt6UQEM7ef7OB8GFX0w2WbmjoaTRgkSlTF:+fKWM82faZ4gJSGCiNOyjgT7PVf

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      6hDkZtFd2S.exe


    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET, best known for harvesting saved credentials from browsers, mail and FTP clients.

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
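
The signatures above are behavioural matches on what the sample did at runtime. The following Python script, added here as an illustration and not code from tria.ge or from this report, replays a constructed sandbox-style API trace through rules that reproduce five of those signatures (location lookup, Run key, service ImagePath, launching vbc.exe, cross-process SetThreadContext) and additionally links CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext into a process-hollowing chain. The JSON-lines trace format, the process IDs and the paths are assumptions made for the example; none of it was captured from the real sample.

```python
"""Replay a sandbox-style API trace through rules that reproduce the
behavioural signatures this report lists for the sample."""
import json
import re
from collections import Counter

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcessW

# Constructed trace, one JSON object per line. The format imitates a generic
# API-hook log and is NOT tria.ge's export format; none of it was captured
# from the real sample.
TRACE = r"""
{"pid": 1120, "api": "RegQueryValueExW", "args": {"key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}}
{"pid": 1120, "api": "RegSetValueExW", "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "updater", "data": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}}
{"pid": 1120, "api": "RegSetValueExW", "args": {"key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\svchlp", "value": "ImagePath", "data": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}}
{"pid": 1120, "api": "CreateProcessW", "args": {"image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", "flags": 4, "child_pid": 1388}}
{"pid": 1120, "api": "WriteProcessMemory", "args": {"target_pid": 1388, "size": 512000}}
{"pid": 1120, "api": "SetThreadContext", "args": {"target_pid": 1388}}
{"pid": 1120, "api": "ResumeThread", "args": {"target_pid": 1388}}
"""


def _key(args, pattern):
    """True if the registry key in args matches pattern (case-insensitive)."""
    return re.search(pattern, args.get("key", ""), re.IGNORECASE) is not None


def stateless_signatures(ev):
    """Signatures that can be decided from a single event."""
    api, a = ev["api"], ev["args"]
    hits = []
    # Geo\Nation holds the user's configured country code (geofence lookup).
    if (api in ("RegQueryValueExW", "RegGetValueW")
            and _key(a, r"\\International\\Geo$")
            and a.get("value", "").lower() == "nation"):
        hits.append("Checks computer location settings")
    if api == "RegSetValueExW" and _key(a, r"\\CurrentVersion\\Run(Once)?$"):
        hits.append("Adds Run key to start application")
    if (api == "RegSetValueExW" and _key(a, r"\\Services\\[^\\]+$")
            and a.get("value", "").lower() == "imagepath"):
        hits.append("Sets service image path in registry")
    if api == "CreateProcessW" and a.get("image", "").lower().endswith("\\vbc.exe"):
        hits.append("Uses the VBS compiler for execution")
    return hits


def analyze(trace_text):
    """Return (Counter of signature names, set of child pids with a full
    suspended-create / write / SetThreadContext hollowing chain)."""
    hits = Counter()
    suspended = set()   # child pids created with CREATE_SUSPENDED
    written = set()     # suspended children that received WriteProcessMemory
    hollowed = set()    # written children whose thread context was then replaced
    for line in trace_text.strip().splitlines():
        ev = json.loads(line)
        api, a = ev["api"], ev["args"]
        hits.update(stateless_signatures(ev))
        if api == "CreateProcessW" and a.get("flags", 0) & CREATE_SUSPENDED:
            suspended.add(a["child_pid"])
        elif api == "WriteProcessMemory" and a["target_pid"] in suspended:
            written.add(a["target_pid"])
        elif api == "SetThreadContext":
            # Rewriting another process's thread context is the suspicious case;
            # a process adjusting its own threads is common and benign.
            if a["target_pid"] != ev["pid"]:
                hits["Suspicious use of SetThreadContext"] += 1
            if a["target_pid"] in written:
                hollowed.add(a["target_pid"])
    return hits, hollowed


if __name__ == "__main__":
    sig_hits, hollowed_pids = analyze(TRACE)
    for name, n in sorted(sig_hits.items()):
        print(f"{n}x {name}")
    print("process hollowing chain into pid(s):", sorted(hollowed_pids))
```

The Geo\Nation and SetThreadContext rules need API-level telemetry (a hook log or Procmon-style trace); Sysmon registry events only record key and value writes, so the location lookup would not appear there, while the Run key and service ImagePath rules map directly onto Sysmon event 13.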

MITRE ATT&CK Enterprise v6

Tasks