Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target: 071BF4F3F134C97AC9F34772D2EB873FC8F2A539B6009D7B914DC4A3B0B7CC48

  • Size: 553KB

  • Sample: 230518-cfv52shc67

  • MD5: a8dd2c5eab6ae74bdfe84450ea58a0ce

  • SHA1: a2eb77e4a8f383f2f1e7d1ab1a9e1042ae6f1cf3

  • SHA256: 071bf4f3f134c97ac9f34772d2eb873fc8f2a539b6009d7b914dc4a3b0b7cc48

  • SHA512: fe2d0296e1e42ff3112e9dd23180f5fcca96bbf3b46f0435cbad5617d282a192603fcfc75eabab94a840d0b281f6af1b5a2ec596169af441d3ce6f214773cb60

  • SSDEEP: 12288:pe3o5/nCgU7VCL1p6q6DTjlzG2lpg8b1rrpLT8Fuycokylyy3:peo5/kxCL1gT42lBBrpLQFuydkyUI

Malware Config

Extracted

Family: agenttesla

Credentials

Targets

    • Target: recibo de pago OC456337.jpg.exe

    • Size: 592KB

    • MD5: 3461fd2c8482af651b818f61dd049e42

    • SHA1: b4dc69de92f2cf210c615e6ec506d3a1d21aa777

    • SHA256: 3a33384b0027c321a9643ba9428d7227aa6b4401e3882f91cc93539590500411

    • SHA512: d18de0295cacc0286b65eb90202b8f0d4cedf233e552c4c13e48b092014ddb2a955203a0d6f8fa080388cd384703c75ad8a029cf1e5378559a5e5ec827655bcc

    • SSDEEP: 12288:Cf2iNeUDMY+SnwYmTzsht19PL3MyE+q8IZroJWURe/hN2dVzXYt:Cf1AUDX+RFshbJ8yE+iFoJWEeZN2dxY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks