General

  • Target

    afad92aadebdb6f56095db58259144d8.bin

  • Size

    504KB

  • Sample

    230504-cbwk1she84

  • MD5

    e87f963c447ace45571eb37473913005

  • SHA1

    3705fb9b1edb3b1b75ffbfc0f1bae3b6cecf183a

  • SHA256

    414a794ce8428105131f7dedca430fcf38c01da4f28d76e670345f80414cc054

  • SHA512

    91d3deedbbf6f4ecf058d649d286d0cdce405c17008fc90d6b2717d789f670b455e7961cbbf58daec381532f7c4c4b8d4bd6aae0d58c33e6a65ac6fdb2783d00

  • SSDEEP

    12288:yhmUFYFniJPAXdX8lQY2tCmOvCnc1KzZ8FvwsWVh+6J8raNF/w:yhmUFM5dMlQY22iqwsKh+YF4

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      cce03ee9cac9ccbacb587c0fb5426aa0435a9e1278d0d5472ab0ae06139687ed.exe

    • Size

      581KB

    • MD5

      afad92aadebdb6f56095db58259144d8

    • SHA1

      bbb5d8761ede6a1e546fc4ef1475f8dd9f96a281

    • SHA256

      cce03ee9cac9ccbacb587c0fb5426aa0435a9e1278d0d5472ab0ae06139687ed

    • SHA512

      53c41d584f6d59adadf66fb3d0df61314d956f5f1bf6f178ac66bffa2bc490734fb4f0df86c7a971b5becacb627305e90f47ee2ad58d4dae395dd0b4870a876f

    • SSDEEP

      12288:7gZmvFtZnvpXyLnoNScEnURpSL0zBCOcv3Urqxqtx/qcPP76:ImvZnv8LoI3ypSQzBCvvkrqkRm

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; samples are typically written in VB.NET or C#.

    • Reads data files stored by FTP clients

      Tries to read configuration files belonging to FTP clients such as FileZilla, which store saved server logins.

    • Reads user/profile data of local email clients

      Email clients store account settings and credentials on disk, which infostealers routinely target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
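The signatures above each map to a small set of file paths, registry keys, hostnames or API-call sequences. The following is an added example, not tria.ge code or its actual rule set: it takes constructed sandbox-style events (the dict format with "kind", "target", "pid" and "call" fields is an assumption made here) and labels them with the signature names from this report. The FileZilla, Thunderbird, Chrome/Firefox and Outlook locations and the IP-lookup hostnames are ones these programs and services commonly use; the list is illustrative, not exhaustive.

```python
"""
Classify constructed sandbox events against the behaviour signatures listed
in this report. Added example; the event format is an assumption, and the
indicator table is illustrative rather than the sandbox's real rule set.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Signature name -> regexes matched (case-insensitively) against a file path.
FILE_SIGNATURES: Dict[str, List[str]] = {
    "Reads data files stored by FTP clients": [
        # FileZilla keeps saved and recent server logins in these XML files.
        r"\\FileZilla\\(recentservers|sitemanager)\.xml$",
        r"\\WinSCP\.ini$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key[34]\.db)$",
        r"\\The Bat!\\",
    ],
    "Reads user/profile data of web browsers": [
        r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    ],
}

# Signature name -> regexes matched against a registry key path.
REGISTRY_SIGNATURES: Dict[str, List[str]] = {
    "Accesses Microsoft Outlook profiles": [
        # Outlook 2013+ stores account settings under this GUID subkey.
        r"\\Software\\Microsoft\\Office\\\d+\.\d\\Outlook\\Profiles\\.*9375CFF0413111d3B88A00104B2A6676",
        # Older Outlook versions use the Windows Messaging Subsystem profile store.
        r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\",
    ],
}

# Signature name -> regexes matched against a resolved hostname.
NETWORK_SIGNATURES: Dict[str, List[str]] = {
    "Looks up external IP address via web service": [
        r"^(api\.ipify\.org|checkip\.dyndns\.org|icanhazip\.com|ifconfig\.me|ip-api\.com)$",
    ],
}

# Process-hollowing order: spawn suspended, overwrite image, redirect the
# thread's entry point with SetThreadContext, then resume the thread.
HOLLOWING_SEQUENCE = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]

KIND_TO_TABLE = {
    "file_read": FILE_SIGNATURES,
    "reg_query": REGISTRY_SIGNATURES,
    "dns": NETWORK_SIGNATURES,
}


def is_ordered_subsequence(needle: List[str], haystack: List[str]) -> bool:
    """True if every item of needle appears in haystack in order (gaps allowed)."""
    it = iter(haystack)
    return all(any(seen == want for seen in it) for want in needle)


def classify(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Return {signature name: sorted evidence strings} for the given events."""
    hits: Dict[str, set] = defaultdict(set)
    api_calls_by_pid: Dict[int, List[str]] = defaultdict(list)

    for ev in events:
        if ev["kind"] == "api":
            api_calls_by_pid[ev["pid"]].append(ev["call"])
            continue
        table = KIND_TO_TABLE.get(ev["kind"])
        if table is None:
            continue
        for name, patterns in table.items():
            if any(re.search(p, ev["target"], re.IGNORECASE) for p in patterns):
                hits[name].add(ev["target"])

    # A lone SetThreadContext call is not enough; require the full hollowing order.
    for pid, calls in api_calls_by_pid.items():
        if is_ordered_subsequence(HOLLOWING_SEQUENCE, calls):
            hits["Suspicious use of SetThreadContext"].add(
                f"pid {pid}: " + " -> ".join(HOLLOWING_SEQUENCE))

    return {name: sorted(evidence) for name, evidence in hits.items()}


# Constructed events for demonstration; not taken from the analysed sample.
SAMPLE_EVENTS = [
    {"kind": "file_read", "target": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"kind": "file_read", "target": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc123.default\logins.json"},
    {"kind": "file_read", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file_read", "target": r"C:\Users\victim\Documents\report.docx"},  # benign, must not match
    {"kind": "reg_query", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001"},
    {"kind": "dns", "target": "api.ipify.org"},
    {"kind": "dns", "target": "www.microsoft.com"},  # benign
    {"kind": "api", "pid": 4212, "call": "CreateProcess"},
    {"kind": "api", "pid": 4212, "call": "WriteProcessMemory"},
    {"kind": "api", "pid": 4212, "call": "SetThreadContext"},
    {"kind": "api", "pid": 4212, "call": "ResumeThread"},
    {"kind": "api", "pid": 900, "call": "SetThreadContext"},  # single call, no hollowing sequence
]

if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

Run against the constructed events, all six signature names from this report fire once each, the benign document read and the Microsoft DNS lookup match nothing, and pid 900's isolated SetThreadContext call is ignored because the hollowing order is checked per process rather than per call.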

MITRE ATT&CK Enterprise v6

Tasks