General

  • Target

    74fb6007f48149d0a4b996f204e6768f

  • Size

    341KB

  • Sample

    230323-cb79tach29

  • MD5

    74fb6007f48149d0a4b996f204e6768f

  • SHA1

    e45780ba08cbd85a8442711f5d34613e507a3947

  • SHA256

    8699ef45ad0a3e022e1701326c311b8b75312e34ba585c085c11d8e1a2aa5e7a

  • SHA512

    b73b95b82511e0ecce4c62fd547854dd41ced6674c4543505fae078d7ce03847caaa41239a71c8019a6f0fa7f514aef451d54022bc3e64913bde0470afaf1363

  • SSDEEP

    6144:/Ya6DEZrI9xTgIkXIitJ+9pc/LNdbw3ca73VX1UcIxyOYiJg2I:/YB9UdS9G/LNdbw3ca73N1YyP0a

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5083863399:AAH9g72QTdN88jNOd6_tBrE8gEd-FpXnfHE/sendDocument

Targets

    • Target

      74fb6007f48149d0a4b996f204e6768f

    • Size

      341KB

    • MD5

      74fb6007f48149d0a4b996f204e6768f

    • SHA1

      e45780ba08cbd85a8442711f5d34613e507a3947

    • SHA256

      8699ef45ad0a3e022e1701326c311b8b75312e34ba585c085c11d8e1a2aa5e7a

    • SHA512

      b73b95b82511e0ecce4c62fd547854dd41ced6674c4543505fae078d7ce03847caaa41239a71c8019a6f0fa7f514aef451d54022bc3e64913bde0470afaf1363

    • SSDEEP

      6144:/Ya6DEZrI9xTgIkXIitJ+9pc/LNdbw3ca73VX1UcIxyOYiJg2I:/YB9UdS9G/LNdbw3ca73N1YyP0a

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks