General

  • Target: SOA.zip
  • Size: 705KB
  • Sample: 230519-sa1fksed33
  • MD5: 583c8c66af398c49a416a807f80fdaa8
  • SHA1: 057e7c925ffc0fb6d1f3d6b4b86a9cc953b8a383
  • SHA256: 5618c10e74a619d5874b1e30a6042fbb3816f16f787f3d85254c3f7531bbc177
  • SHA512: 61e7c1a79781d96085f0c24e23ab776e4c71e723ee76cbfd2cff4de3f59b58928e201274f90b57a994d72df25a9ce4122d95122230c1d20a841532eb87711151
  • SSDEEP: 12288:4Ih0e5OLJY2xzZqVIgW/lBsawBUiRCoK7xxsr3fJAsRmgHq8t9G3YAUTF/Fx/mXE:b2wGJH4Ivwqi0o6xxsr3hogHvtoYAUTF

Malware Config

Extracted

  • Family: agenttesla
  • Credentials: (none shown)

Targets

    • Target: SOA.exe
    • Size: 856KB
    • MD5: 4d0e331deaa258bc549b39550d7b2d48
    • SHA1: 03869d19f359b1aa0c0574e08f943b131958b441
    • SHA256: 8428406eda6db55581a934d0ca6b892e5aeaad581174e907b02bcc8e48d6280f
    • SHA512: e24a20baf4b2e798106e89329fd2b923c79139976d44bd3341ccdffdb4c4bb31bc39bd5db1ebb806d1c685cd0b77838c0983037159682db821afdb8fb28d0f9d
    • SSDEEP: 24576:6P0tj6tVhE8cqiuo6NTsB3hgwLvt/W32:6P0V6tVq4q69sB3hJ/82

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs such as FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks