Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Halkbank_Ekstre_20191102_073809_405251-PDF.exe

  • Size

    273KB

  • Sample

    230505-pjxjhacc71

  • MD5

    9326352797b86810855d22c81b5b6cd6

  • SHA1

    60a64fda0b9a1f68aeb5c481e54fc4cfaab1f99a

  • SHA256

    0113a0681674a5ce9fc9d80f924a196ffb7471f550fd79f2e49356b7e4e76cb5

  • SHA512

    7239b860606b499f0fa8c942f3f598f6429c469b9aed7896d4c60f318d57a452101ed23e2561aaa0331932c878756a438b3c5020f6fbba9afdccf368122fac27

  • SSDEEP

    6144:pYa6KyZJ06lDFyA08T+uhI2B2T6xoK+QUoc2a094ZQQ5U0yK:pY8y86lDcAV+l9OOFxSpK

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6261006732:AAFiMpPz79k5Wkkw0xvICpfaipqXFQbQmmo/

Targets

    • Target

      Halkbank_Ekstre_20191102_073809_405251-PDF.exe

    • Size

      273KB

    • MD5

      9326352797b86810855d22c81b5b6cd6

    • SHA1

      60a64fda0b9a1f68aeb5c481e54fc4cfaab1f99a

    • SHA256

      0113a0681674a5ce9fc9d80f924a196ffb7471f550fd79f2e49356b7e4e76cb5

    • SHA512

      7239b860606b499f0fa8c942f3f598f6429c469b9aed7896d4c60f318d57a452101ed23e2561aaa0331932c878756a438b3c5020f6fbba9afdccf368122fac27

    • SSDEEP

      6144:pYa6KyZJ06lDFyA08T+uhI2B2T6xoK+QUoc2a094ZQQ5U0yK:pY8y86lDcAV+l9OOFxSpK

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks