General

  • Target: tmp
  • Size: 952KB
  • Sample: 230316-meyjwscf4s
  • MD5: 9dd97b3380058856a357c1f1185459e5
  • SHA1: 03265ace06f8556bc9778f6ec9a7d41f25aa1544
  • SHA256: ffd22ff93a2dcc371fd090f4855494e14ebdd61fbd1c4995a31b3dfb74bade9b
  • SHA512: cef0de270220546566cb4097ae370402209ad4955959356a9c271dcda751d7ae183e82a155de4d6ea1530be765709b27607adce615581c9d0b444c494c02697e
  • SSDEEP: 24576:vq2JThA+pEWsz5VrPH4BpvpiFDqlWUu5rVwHz:v/FSaRsDzYBvuWsU

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.huiijingco.com
  • Port: 587
  • Username: [email protected]
  • Password: lNLUrZT2

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks