Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ohoyecaysj4799.exe

  • Size

    636KB

  • Sample

    230513-2v9pescb3w

  • MD5

    0d8538ffcc2992e867d5da447af1bef6

  • SHA1

    be43896187e71eef6f463f407aca1007495c4628

  • SHA256

    f4e9e61847bf9d01a5249071cbe12827cdc1c5fdae59cbd2e11719c5dfde937c

  • SHA512

    35ee84b60aba711d7e0cc39c5866c0072a1ed091ed8925568da252b85f1a049004b66cccf48d9704a9a4173352bbfece216897e9d4491aa499dec9bd360e509b

  • SSDEEP

    12288:N2iNa9S9DnuFtiYs1PvvysZsBC85i7Du5sHqus0nIaA:N1I9iDuFtzAPvvM885KDu5sK0In

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      ohoyecaysj4799.exe

    • Size

      636KB

    • MD5

      0d8538ffcc2992e867d5da447af1bef6

    • SHA1

      be43896187e71eef6f463f407aca1007495c4628

    • SHA256

      f4e9e61847bf9d01a5249071cbe12827cdc1c5fdae59cbd2e11719c5dfde937c

    • SHA512

      35ee84b60aba711d7e0cc39c5866c0072a1ed091ed8925568da252b85f1a049004b66cccf48d9704a9a4173352bbfece216897e9d4491aa499dec9bd360e509b

    • SSDEEP

      12288:N2iNa9S9DnuFtiYs1PvvysZsBC85i7Du5sHqus0nIaA:N1I9iDuFtzAPvvM885KDu5sK0In

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks