General

  • Target

    EX776534570643699755 pdf.ace

  • Size

    474KB

  • Sample

    230315-kycenacd67

  • MD5

    b9491bfe09135071c4c6a4cb33114a73

  • SHA1

    c896bd72f3abf6087ff9c8f425aa60f5f2b2415f

  • SHA256

    d6743c07232b66f82d80878dc9ae5b43e67ea6d68bb4bda22eca9bca90887d1c

  • SHA512

    d1c0f7dd7a7a0bb29006540ddb20b20d0cb64be9bdd1c3906eb7b79f3df4b34277d13b3e5f8728ba1bfef24a9bed6ccee3b8afe27e59deeaaac6735d66ec891f

  • SSDEEP

    12288:SPzylss8YMhYPNg765a9KLvvJbINuAAZrz:Aw8YjPe90vvJqAVz

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5970985875:AAGxcS7riy4ZlEmFj2Z031AsUoRvment2iI/

Targets

    • Target

      EX776534570643699755 pdf.exe

    • Size

      673KB

    • MD5

      c807619e765372c445ac017f698cb599

    • SHA1

      f9e86104957700ee8b09c9d1608c12980de3e7d8

    • SHA256

      d4619f2c2ee3ce4f61be21cc18a66a05dc704c21e4db962ffa376ab4e60508ef

    • SHA512

      fc2ac83f3401e305a9676ad091e95ecf071f3f43f3356618152f1f9325cd63438ad88a4516903d98e3a21db9e7263212b567f188c4db2435eb1f81add2331e83

    • SSDEEP

      12288:QRE+OaItl2/qi+e0pvblMB6FmQoEGmKbk:q3CiNEeQwmK

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
