General

  • Target

    PI.exe

  • Size

    873KB

  • Sample

    230519-ny4exsde76

  • MD5

    22a9b282c0942875f9f99aeeb7503bf1

  • SHA1

    b563cc1c326699fc8556bb13b3bd9265beedc0de

  • SHA256

    48a9074aa2eebe724b1e9d3828e2eb3ab0fde8d370ef71652b5ffe44cf51322e

  • SHA512

    753366f0512df3654fa28c48e30f2abb3693c372c9746c08659c58811b3f87aa88a30d3a67e059c0a8ee6afe582de2eff16d6c8f33200e11499f0acb04e2cea4

  • SSDEEP

    12288:v2iNfUFotEvZ412FX6vGIJ4XWfiTBSC8WU0UtuH5T2J3jHuR:v1Bs0qZ4MHJmsoCy0UtugJDS

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks