
General

  • Target: 854CC0F842D4859CBCA2E39C979BF3FEC8A6D5E051B5A53C86286F8E8FD85A67

  • Size: 700KB

  • Sample: 230314-rt355shh3w

  • MD5: 1b6f9268188aad2cc59e677516a3f277

  • SHA1: 8b48baba5904d58f2e973f7fe7a434776d1d6ba2

  • SHA256: 854cc0f842d4859cbca2e39c979bf3fec8a6d5e051b5a53c86286f8e8fd85a67

  • SHA512: dfbb5cbdaec1b1ef233953efc21c62212c4986e368dd4901abd1118d03b634ce48a0682f1db5f40cd3dec345c2a812fe47960ca34dadb285368222a7ddc843c5

  • SSDEEP: 12288:w6HB1LACXPRJtAttAA/dIDgASY+40UZwX/2E/ZABekcCIdENd0HpwCTqbDoZP8jt:ZH7ACXJJW5AgASY2UZs2E/yBnlIdsdgS

Malware Config

Extracted

  • Family: agenttesla

Credentials

Targets

    • Target: orden-PO-23-016124.pdf.exe

    • Size: 1.1MB

    • MD5: 24d8621ee7b70a6a24925601483e87b3

    • SHA1: 23a301dc6e66cc130e0058b5f4750764b534099c

    • SHA256: 1ffecb8a3412fd17b26039c365fb064e79b95f63bf90d91960d6899d9d433c5e

    • SHA512: 1ef22babb12b993ae34c9ed113ac8f5a844757aa4b6e44628566bc6f0aef622f75392f3953455a813afa209673e07dd66317f594005f9d18ece538d2456dc5a2

    • SSDEEP: 24576:8lzK0pQ0s5DxINyRbk5MNyN3LALuhdugI8dnjMFct2j:85ZpQP2NyRbk5130qdug7djC

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks