General

  • Target

    c7bc4f44e279307955bc109deac55204.bin

  • Size

    533KB

  • Sample

    230505-x9a27ahe98

  • MD5

    8bd6c821a4bb219d48619697d27c8f86

  • SHA1

    dd56312abe633eb3a71c06fb3e730e7a6fbf052c

  • SHA256

    819416c754bbaedea5b79af75d1cc4722e5b1ce1457584a7a39eb38d0d955f95

  • SHA512

    629296d3cd8f91b43f0062c020b5c46b356961cce53f1d59d628c196af5ab3dda032039da72fd497ab73f60121283605e7d8a13ec7c28ebef8f45c095efa2015

  • SSDEEP

    12288:XFBMaPyP9wYFf1x0Ld/yk32DeFT6bztJFCxrBwstQLrg:1+aA9FmLAPG6H2wsP

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2.exe

    • Size

      656KB

    • MD5

      c7bc4f44e279307955bc109deac55204

    • SHA1

      462ba319aef5f2077d86282bbde6b8d71afe72ca

    • SHA256

      c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2

    • SHA512

      6e4477af961e05923b7580a36aa2998d6c705e4431fc7c90701de33d50f040d94ec056826e5248a0d2895dde618f25dabdfb95c5f623ef5aca87bc824a081270

    • SSDEEP

      12288:DQdi+j8KQq/flRRoF/H1JrgKY1kdrdJwAYaTpel9tGQOFaV:QRj8ytoF/VeSLJw+TpertGQOFaV

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks