
General

  • Target

    100 gab.lzh

  • Size

    809KB

  • Sample

    230315-vgmt6sed25

  • MD5

    6d9a4b53ccddd2d55f221b70752619cd

  • SHA1

    59bbd40e4f9b563455731ab0d3ac88f4cbf3695b

  • SHA256

    377eb922e14bd12146be4873fe968b8864cb1d6682e4f3244907add31feba517

  • SHA512

    d5acde6240d52227627f90b5279e3d33b61d9d4dd6f61010d0cb62f3499dae7e680a36e9fb81523707c1b4db6b72a8cb591ca41373d7206ef9b33095511ce28d

  • SSDEEP

    24576:5p7wYHABtDg2P55mzVT/ZwzR2lpb6JomaqIon2C:zkuOgs5kF/ER2Tb6Jkon2C

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/

Targets

    • Target

      100 gab.exe

    • Size

      1.2MB

    • MD5

      38462e84ce0cb6d961452e6b0e20c83c

    • SHA1

      86bf94777e67a820191cec9857182ff6d404539d

    • SHA256

      8cc7a30b218d8c4e4dbeef936290a726ebfdb9ea1b9af35dab970ce4bb5352bc

    • SHA512

      ce0c3020cdc5576d0437778db2e6521d77872a3d02c755430afdce41321c8489b2c80eff05beaa7bb8e63d3c4abc2298e3fdaca8bd2389027cf1cab4f3ec5820

    • SSDEEP

      24576:QqGnNerctUvpL0V5Uk86JsJPG8ODWfMMFR5UitDJ6Bz5d:lctOpaWo8aWfLF/f6Bz5d

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks