General

  • Target

    Invoice No.23DF-46775.exe

  • Size

    903KB

  • Sample

    230508-qxtkfacf6v

  • MD5

    8b97b1a70e233a34a42dc72971545f07

  • SHA1

    17cdf8a99b83975664698b963c568ec299a6251c

  • SHA256

    a3928afcfa8b3e1825c9796ea9099e59e1e7ae2306fbfcc20dc3aae7c6065121

  • SHA512

    f025a66ae932bd4976a63f3319a438454bececb26f09c78a7d77000c056f7d483b2d58050ad0fb44f0c4824080b4cb3ba8c3d03699dbd398e243dcc4187187ab

  • SSDEEP

    6144:yGJK4njQgky2InEoRhUaN9B6YjrlfplKGjXWnl/bQmkLKS0fCvYafA3Zrkkn/LqY:S4nJCnGLS2nQaINkULq7nO/Ga9H

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Invoice No.23DF-46775.exe

    • AgentTesla

      Agent Tesla is an information stealer and remote access tool (RAT) built on .NET (originally written in Visual Basic .NET). It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes, and exfiltrates the data over SMTP, FTP or HTTP.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution so the sample can decline to run in particular regions.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the registry, where stored mail account settings and credentials can be harvested.

    • Adds Run key to start application

      Writes a value under a registry Run key so the payload is launched again at each user logon (persistence).

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to learn the infected system's external IP address. The request is benign on its own, so the indicator is which process makes it, not the destination.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread that belongs to another process is characteristic of process hollowing: a child is created suspended, its memory is overwritten with the payload, the thread's entry point is redirected, and the thread is resumed.
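
As an added example (not part of the tria.ge report and not tria.ge's own signature logic), the following Python encodes the five behaviours listed above as checks over a constructed, Sysmon-style event stream. It attributes activity to the sample by matching the SHA256 from the General section and then following parent_pid into child processes, so a lookup made by a hollowed child still counts while the same lookup from an unrelated process does not. The event schema, the registry key paths, the list of IP-lookup hosts and the process names in the sample data are all assumptions for illustration.

```python
"""Signature checks for the behaviours listed in this report, run over a constructed event log."""
import re
from collections import defaultdict

# SHA256 of the sample, taken from the General section of the report.
SAMPLE_SHA256 = "a3928afcfa8b3e1825c9796ea9099e59e1e7ae2306fbfcc20dc3aae7c6065121"

# Assumption: hostnames of common public IP-lookup services. The report does not name
# the service this sample used, so this list is illustrative.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ifconfig.me", "ip-api.com", "ipinfo.io"}

# Assumption: registry paths typical for each behaviour (the report does not list the exact keys).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\", re.IGNORECASE)
OUTLOOK_KEY_RE = re.compile(r"\\Software\\Microsoft\\Office\\[^\\]+\\Outlook\\Profiles\\", re.IGNORECASE)


def tracked_pids(events, sample_sha256=SAMPLE_SHA256):
    """PIDs belonging to the sample: the process whose image hash matches, plus every
    descendant reached through parent_pid. Events are assumed to be in time order."""
    tracked = set()
    for e in events:
        if e["type"] != "process_create":
            continue
        if e.get("sha256", "").lower() == sample_sha256 or e.get("parent_pid") in tracked:
            tracked.add(e["pid"])
    return tracked


def evaluate(events, sample_sha256=SAMPLE_SHA256):
    """Map each signature name from the report to the events that support it."""
    pids = tracked_pids(events, sample_sha256)
    hits = defaultdict(list)
    for e in events:
        if e["pid"] not in pids:
            continue  # activity of unrelated processes must not count
        t = e["type"]
        if t == "registry_set" and RUN_KEY_RE.search(e["key"]):
            hits["Adds Run key to start application"].append(e)
        elif t == "registry_query" and GEO_KEY_RE.search(e["key"]):
            hits["Checks computer location settings"].append(e)
        elif t == "registry_query" and OUTLOOK_KEY_RE.search(e["key"]):
            hits["Accesses Microsoft Outlook profiles"].append(e)
        elif t == "dns_query" and e["query"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(e)
        elif (t == "api_call" and e["api"] == "SetThreadContext"
              and e.get("target_pid") not in (None, e["pid"])):
            # SetThreadContext on a thread that belongs to another process is the
            # hollowing pattern; a process adjusting its own threads is not flagged.
            hits["Suspicious use of SetThreadContext"].append(e)
    return dict(hits)


def matched_signatures(events, sample_sha256=SAMPLE_SHA256):
    """Sorted signature names that fired for the sample."""
    return sorted(evaluate(events, sample_sha256))


# Constructed events (not from the report): a Sysmon-like trace of the sample spawning
# a suspended .NET host, redirecting its thread, and the child then looking up its IP.
EVENTS = [
    {"type": "process_create", "pid": 1234, "parent_pid": 900,
     "image": r"C:\Users\user\Desktop\Invoice No.23DF-46775.exe", "sha256": SAMPLE_SHA256},
    {"type": "registry_query", "pid": 1234, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_query", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "registry_set", "pid": 1234, "value": r"C:\Users\user\AppData\Roaming\svc\Invoice.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Invoice"},
    {"type": "process_create", "pid": 1300, "parent_pid": 1234,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe", "sha256": "00" * 32},
    {"type": "api_call", "pid": 1234, "api": "SetThreadContext", "target_pid": 1300},
    {"type": "dns_query", "pid": 1300, "query": "api.ipify.org"},
    {"type": "dns_query", "pid": 5678, "query": "api.ipify.org"},  # unrelated process, ignored
]

if __name__ == "__main__":
    for name, evs in evaluate(EVENTS).items():
        print(f"{name}: {len(evs)} event(s), pids {sorted({e['pid'] for e in evs})}")
```

Run against the constructed trace, all five signatures fire and the IP lookup is attributed to the hollowed child (pid 1300) rather than the unrelated pid 5678; if the sample hash never appears in a process_create event, nothing is tracked and no signature fires, which is the right failure mode for a trace from the wrong host.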

MITRE ATT&CK Enterprise v6

Tasks