General

  • Target: AWB-18052023_1.7z
  • Size: 254KB
  • Sample: 230519-pv75dagf7z
  • MD5: 60186bdd7343d1ec3f36fbb79e605edb
  • SHA1: 8a6ad3145b5f411a7d0b37aa227ec4f3da28bee9
  • SHA256: e968bd84f2b72b1d238b1eb28cc1cbc8eeb24d1db7acee8e8ca433ab5b28b106
  • SHA512: 20748f441adcce1781d281461e9a25fb2c36e8ae3168ccfecee0f3c11e531af316a83f72f11bc6a48ebc8b4d3f7842d04731aab0dac8cdd80c10f0b8184fb4aa
  • SSDEEP: 6144:fpzgOqMCUvbsQvpMymkq7XmHlPfSjWlz/RbwE0h1ECn:RgNMzfOymzmHZailRny

Malware Config

Extracted

Family: agenttesla

Credentials

Targets

    • Target: AWB-18052023.exe
    • Size: 298KB
    • MD5: b8b4d97f8f291a30d44ba156a4d4cbd1
    • SHA1: 2f545aad0c50c37754d9716bee7b9a37d5289910
    • SHA256: 2e5e690fe5a9607c51574cd1e8444591a9dd524fafc78911ff9f09ee5242bff1
    • SHA512: 7a8f9a452824555833158769c6a5247ca174679bdc8a527d3535b3fdd0fc05d1ead8097cb006c6a25dfce6493950798624ec81893122687ac5c1c9ea70fa387a
    • SSDEEP: 6144:6UFxbIBMP6HyvbefvpM9mkT7XmHlPF/6IC17Cjj1VA:VbgIuO9mQmHZFSRC

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks