Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    eecdf61f19a47b61d84f48d73575337a788373567568d795108e9a54d4a1d811.exe

  • Size

    939KB

  • Sample

    230403-pg6pdsee97

  • MD5

    401d1a480f9b8dc646a7bb349b7c8af4

  • SHA1

    45939070da433b5ef38081df24620d87f38a689d

  • SHA256

    eecdf61f19a47b61d84f48d73575337a788373567568d795108e9a54d4a1d811

  • SHA512

    648a7ef49f39309c675abce53c1c0ea2fe17c9ab4bbc7480f901bfecee3f5b9076be2f74128a7d0a1bdc65c9257403a27cb5d63d16e4a89d9796285405a90f42

  • SSDEEP

    24576:gH1BndpkB/NPQNRF7kVqeYVMS0k7OTP8U1T2s0O8BD48rWHFDW+1RUr:idc/NoNP7kvkMS02OTPP5L0O8BD48rWo

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.unitechautomations.com
  • Port:
    587
  • Username:
    design@unitechautomations.com
  • Password:
    Unitech@123
  • Email To:
    design@unitechautomations.com

Targets

    • Target

      eecdf61f19a47b61d84f48d73575337a788373567568d795108e9a54d4a1d811.exe

    • Size

      939KB

    • MD5

      401d1a480f9b8dc646a7bb349b7c8af4

    • SHA1

      45939070da433b5ef38081df24620d87f38a689d

    • SHA256

      eecdf61f19a47b61d84f48d73575337a788373567568d795108e9a54d4a1d811

    • SHA512

      648a7ef49f39309c675abce53c1c0ea2fe17c9ab4bbc7480f901bfecee3f5b9076be2f74128a7d0a1bdc65c9257403a27cb5d63d16e4a89d9796285405a90f42

    • SSDEEP

      24576:gH1BndpkB/NPQNRF7kVqeYVMS0k7OTP8U1T2s0O8BD48rWHFDW+1RUr:idc/NoNP7kvkMS02OTPP5L0O8BD48rWo

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.