General

  • Target

    867f3356aa9b610025c903e669695dfa.bin

  • Size

    709KB

  • Sample

    230324-b6fydabe37

  • MD5

    8ec3cd79b60154d2b4efb35f218021f2

  • SHA1

    cd3c9ff661d9675212912cc08ef3fd789164f66d

  • SHA256

    61e98fdec62174e25d2155d23ef4737c991605086bb6be1458824ea661ed4bcf

  • SHA512

    caf15eda977184017398e0bdca2992573aced5af26b70567a7d254195b65ced6c77801afd8b9ffbb3ed9c28a5c72e60cad92c54594102b64439870f8e7831627

  • SSDEEP

    12288:8JPPfj4G1pmcSdUnUkunfgfNtosWL0OgFbHAaMLcC2nhggMaRuaOl5eGM7Qr:8JnfjLmRkunfOtuL0PFbHAawt2njMaR0

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      8ab437ed1b348f24d6a58965cdc27a3e23cfc82fef4456bd3623f739abf196a9.exe

    • Size

      780KB

    • MD5

      867f3356aa9b610025c903e669695dfa

    • SHA1

      82358cfdaad5a6b7ddb161f8092cf9064f72a002

    • SHA256

      8ab437ed1b348f24d6a58965cdc27a3e23cfc82fef4456bd3623f739abf196a9

    • SHA512

      e36236778395f352de7ff721b7f6eaa994c6169cea95a664c1c6dcbdfdfd92d4af3d5cde152abcc0d38f037c9859f992f27bd774c59c80280d7306b48591f014

    • SSDEEP

      12288:iqTQOM8aRnyOIh+KciczIcc/STI0mI0zfBe66+47o7Oh+8GFWu:59JafCczjc6j0z8zdcZ

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET, that harvests saved credentials from web browsers, email clients and FTP clients (the behaviours listed below).

    • Reads data files stored by FTP clients

      Tries to read configuration files of FTP clients such as FileZilla, which store saved server entries and credentials on disk.

    • Reads user/profile data of local email clients

      Email clients store profile and account data on disk, which infostealers commonly read to harvest saved credentials.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data, which can include saved passwords, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

      Writes a value under a Software\Microsoft\Windows\CurrentVersion\Run registry key so the program is launched at each logon, a common persistence mechanism.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process (typically a suspended child) is a hallmark of process hollowing and related injection techniques.
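
The behaviours above are what a responder would want to re-derive from endpoint telemetry when this sample (or a sibling) shows up outside the sandbox. The following is an added example, not tria.ge output or code from the sample: a small Python hunt that matches the report's indicators (Run key persistence, FileZilla config reads, browser and email credential stores, Outlook profile access, external IP lookup, cross-process SetThreadContext) against a normalised event stream. The event schema (`type`, `path`, `target`, `pid`, ...) and the sample events are constructed for illustration and are not any vendor's real format; the list of IP-lookup hosts is an assumption, since the report does not name the service this sample used. Technique IDs use current ATT&CK numbering with sub-techniques, whereas the report header refers to Enterprise v6.

```python
"""Hunt for the Agent Tesla behaviours listed in the report over a normalised
endpoint event stream. Example code added to the report; event schema and
sample events are constructed, not taken from the sandbox run."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    attack_id: str   # ATT&CK Enterprise technique, current numbering
    evidence: str


# --- indicator patterns ---------------------------------------------------
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
# FileZilla keeps saved servers and recent connections in %APPDATA%\FileZilla.
FTP_CLIENT_FILES = re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)
# Thunderbird stores saved logins in the same format as Firefox.
EMAIL_CLIENT_FILES = re.compile(r"\\Thunderbird\\.*\\logins\.json$", re.I)
# Chromium 'Login Data'/'Web Data' and Firefox logins.json hold saved credentials.
BROWSER_FILES = re.compile(r"\\(Login Data|Web Data|logins\.json)$", re.I)
# Outlook account profiles live under these registry paths.
OUTLOOK_PROFILES = re.compile(
    r"\\(Office\\\d+\.\d+\\Outlook\\Profiles|Windows Messaging Subsystem\\Profiles)\\", re.I)
# Assumption: common external-IP services used by stealers; the report does
# not say which one this sample contacted.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}


def hunt(events):
    """Return one Finding per event that matches a report behaviour."""
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "registry_set" and RUN_KEY.search(ev["target"]):
            findings.append(Finding("run_key_persistence", "T1547.001",
                                    f'{ev["target"]} = {ev["data"]}'))
        elif kind == "registry_read" and OUTLOOK_PROFILES.search(ev["target"]):
            findings.append(Finding("outlook_profile_access", "T1555", ev["target"]))
        elif kind == "file_read":
            path = ev["path"]
            if FTP_CLIENT_FILES.search(path):
                findings.append(Finding("ftp_client_config_read", "T1552.001", path))
            elif EMAIL_CLIENT_FILES.search(path):
                findings.append(Finding("email_client_profile_read", "T1555", path))
            elif BROWSER_FILES.search(path):
                findings.append(Finding("browser_credential_store_read", "T1555.003", path))
        elif kind == "dns" and ev["query"].lower() in IP_LOOKUP_HOSTS:
            findings.append(Finding("external_ip_lookup", "T1016", ev["query"]))
        elif kind == "api" and ev["name"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
            # A process setting the thread context of a different process
            # (usually a suspended child it just wrote into) is the hollowing tell;
            # self-targeted calls are legitimate and ignored.
            findings.append(Finding("cross_process_setthreadcontext", "T1055.012",
                                    f'pid {ev["pid"]} -> pid {ev["target_pid"]}'))
    return findings


def summarise(events):
    """Map findings back onto the report's behaviour list: rule -> hit count."""
    counts = {}
    for f in hunt(events):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample stream (not from the sandbox run); pid 4120 is the stealer.
SAMPLE_EVENTS = [
    {"type": "file_read", "pid": 4120,
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"type": "file_read", "pid": 4120,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 4120,
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"},
    {"type": "registry_read", "pid": 4120,
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "registry_set", "pid": 4120,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "data": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "dns", "pid": 4120, "query": "checkip.dyndns.org"},
    {"type": "api", "pid": 4120, "target_pid": 4120, "name": "SetThreadContext"},  # benign, self
    {"type": "api", "pid": 4120, "target_pid": 4388, "name": "SetThreadContext"},  # hollowing
    {"type": "file_read", "pid": 4120, "path": r"C:\Windows\System32\kernel32.dll"},  # noise
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.attack_id}] {f.rule}: {f.evidence}")
```

Run against the constructed stream, each of the seven report behaviours fires exactly once and the self-targeted SetThreadContext call and the kernel32.dll read are ignored. In practice, feed `hunt()` from your EDR or Sysmon export after mapping its fields onto the assumed schema, and treat two or more distinct rules firing from one process as the escalation trigger rather than any single hit.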

MITRE ATT&CK Enterprise v6

Tasks