
General

  • Target

    2fad9d22d71aa2c94ee5b6ef0287440e.bin

  • Size

    610KB

  • Sample

    230512-bplsasbb82

  • MD5

    da475740a2b6b228238b72d6b40341a5

  • SHA1

    71bcffb40bd50dddfff35690fe11152fcf182e32

  • SHA256

    e6fc48f226544e7d5b7fc19a7fe236624f3a0670fa4a42f73e9fc2d0d2b2cf1b

  • SHA512

    39f2b53a3d11c68cf48b3e3658be38612e1d777f851c8b09b23309eb10a8ed56a868120474de1e66dbdb387780d6adb0ed4a0eec2e64957bc676ec60f2fc5792

  • SSDEEP

    12288:88bRVLeIrKhQdsOlsi15URMMm/HSvqt1Z7iMEBQZRPZtwvE:8YRVLeIrwQdsJi1KRE/Ay1NiMkQSE

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6277498666:AAH4URlmeSysUKKZG20OTvrve55BRMLEu_o/

Targets

    • Target

      5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067.exe

    • Size

      696KB

    • MD5

      2fad9d22d71aa2c94ee5b6ef0287440e

    • SHA1

      80331853c5503522e775aa7ef10317a14595158d

    • SHA256

      5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067

    • SHA512

      a7ecba4cab6e47483d55141e7fc2e138915a4425fa86fb15a5034d530ff2a53e1f3785a38c99dfd62b3ead850ab25ff82d5e0699925d26ddfb0b124d191109b6

    • SSDEEP

      12288:XFmDIzln4wgNAqcDZ2ITVh4LhIMA4PDT3XWGl3VlVT6QdtaTlW:1mDId4wqANDI8S3f3BBVRtaT

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; the original versions were written in Visual Basic .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry (the Windows location GeoID, typically under HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution to or away from particular regions.

    • Reads user/profile data of local email clients

      Email clients store user data (account settings and saved credentials) on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
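Two of the behaviours above (the external-IP lookup and the Telegram Bot API C2 from the extracted config) leave a clear trace in egress logs. The following is an added example, not part of the Triage report, showing detection logic for them over a handful of constructed proxy-log lines. The log format (timestamp, host, process, verb, URL), the list of IP-lookup services and the browser allow-list are assumptions; the Bot API URL is the one from the extracted config above.

```python
"""Flag Telegram Bot API traffic and non-browser external-IP lookups in egress logs.
Added example for this report; log format and host lists are assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Telegram Bot API URLs embed the bot token: /bot<numeric id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)(?:/(?P<method>\w+))?"
)
# Public IP lookup services commonly used by infostealers (assumed list, extend as needed)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}
# Processes for which an IP-lookup visit is plausibly user-driven
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Assumed log line shape: <ts> <host> <process> <verb> <url>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<process>\S+)\s+(?P<verb>[A-Z]+)\s+(?P<url>\S+)$")
HOST_RE = re.compile(r"^https?://(?P<host>[^/:]+)")

# Constructed sample log; the first two lines mimic the sample in this report
SAMPLE_LOG = [
    "2023-05-12T07:01:02Z WIN7-LAB 5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067.exe GET http://checkip.dyndns.org/",
    "2023-05-12T07:01:05Z WIN7-LAB 5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067.exe POST https://api.telegram.org/bot6277498666:AAH4URlmeSysUKKZG20OTvrve55BRMLEu_o/sendDocument",
    "2023-05-12T07:02:00Z WIN7-LAB chrome.exe GET https://example.com/",
    "2023-05-12T07:02:10Z WIN7-LAB chrome.exe GET https://api.telegram.org/",
]


@dataclass
class Finding:
    ts: str
    process: str
    rule: str
    detail: str


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def check_request(rec: dict) -> List[Finding]:
    """Apply both rules to one parsed request."""
    out: List[Finding] = []
    url = rec["url"]
    m = TELEGRAM_BOT_RE.match(url)
    if m:
        # Never write the full bot secret into alert text; the bot id is enough to pivot on
        out.append(Finding(rec["ts"], rec["process"], "telegram_bot_api",
                           f"bot_id={m['bot_id']} secret={m['secret'][:4]}... method={m['method'] or '-'}"))
    h = HOST_RE.match(url)
    host = h["host"].lower() if h else ""
    if host in IP_LOOKUP_HOSTS and rec["process"].lower() not in BROWSERS:
        out.append(Finding(rec["ts"], rec["process"], "external_ip_lookup", f"host={host}"))
    return out


def analyze(lines: List[str]) -> Tuple[List[Finding], List[str]]:
    """Return all findings plus the processes that triggered both rules (high confidence)."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec:
            findings.extend(check_request(rec))
    by_proc: Dict[str, Set[str]] = {}
    for f in findings:
        by_proc.setdefault(f.process, set()).add(f.rule)
    suspects = sorted(p for p, rules in by_proc.items()
                      if {"telegram_bot_api", "external_ip_lookup"} <= rules)
    return findings, suspects


if __name__ == "__main__":
    found, procs = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f.ts} {f.process} [{f.rule}] {f.detail}")
    print("high-confidence processes:", procs)
```

The Bot API rule fires on any process because a tokenised `/bot<id>:<secret>/` URL is almost never legitimate user traffic, while the IP-lookup rule only fires for non-browser processes to keep noise down; the correlation step is what turns two weak signals into one worth paging on. Treat the extracted bot token as an indicator to hunt on, not a secret to keep: anyone holding it can query the bot, which is also why alert text should not carry it in full.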

MITRE ATT&CK Enterprise v6

Tasks