General

  • Target

    2240ffa89dd78ee632e5b3cba2ee1752.bin

  • Size

    566KB

  • Sample

    230503-bgvegadb92

  • MD5

    2240ffa89dd78ee632e5b3cba2ee1752

  • SHA1

    20835491982298bedf1548d1e3d2568f0450cd8d

  • SHA256

    e8bc1fa2b809ab8be04a697cde6ddd4bad7a9120c60b3793f76d5fcc17d7423e

  • SHA512

    0cf7daedee1e3970b1dd77aab3bc981b2214c538380134ce60100650a5744fa5934d58725d670a0cd0a673651ddd7d5750e781fffcfa5972ce47687d8cb7bca3

  • SSDEEP

    12288:x3RsoKsa9PwTY81ldzx8T510mftHshrFNvFXcxACYZ:xBQeY81ldCL0zhrjvyACu

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks