
General

  • Target

    5b3ac737f328169d7649cce8325e28e2.bin

  • Size

    730KB

  • Sample

    230520-bpwbqshe62

  • MD5

    f2dc5c88fbbd39061431626a598224f9

  • SHA1

    118752225c64c619c364d272113d735f19b1a650

  • SHA256

    119e0b0a9d5a8d92dde425a7968a573faf5406dd244de05f176860c0b87492b6

  • SHA512

    f92ccc97b447b40c04310c13b7e8c249b24a491c50a5b6d9f927901f30a475fd96c88f7f7ad9723b62d876fe6a392fd32731a3ebc908c3988c6339b566544424

  • SSDEEP

    12288:oIAHqgn+Btqd9VrLobp/1bIGC5JkHHZHI5uW5lgUc7BvWwzGzKrcETOkPJiT7:oIAHYtq9V/oFBzC5JkHJDW5zcd6zELRy

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6174413593:AAEFJFfmmgKHkg-43MZw2Pt5EAT6z2Bs9Ug/
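
The extracted C2 is a Telegram Bot API base URL, so the bot token embedded in the path (bot id before the colon, secret after it) is the durable network indicator: the operator can change chat ids and methods, but every exfiltration request must carry this token. The script below is an added example, not code from tria.ge or from the sample. It parses the token out of the reported URL and runs a simple hunt over constructed proxy log lines (the "ts src method url status" layout and the log entries are this example's assumptions, not data from the report). Requests that carry a token from an extracted config are reported as known C2; any other Telegram Bot API traffic from an endpoint is reported as worth a look, since workstations rarely talk to that API legitimately.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# C2 value reported on this page for the agenttesla config.
C2_URL = "https://api.telegram.org/bot6174413593:AAEFJFfmmgKHkg-43MZw2Pt5EAT6z2Bs9Ug/"

# Telegram Bot API URLs look like https://api.telegram.org/bot<id>:<secret>/<method>.
# <id>:<secret> together form the bot token; the method (sendDocument, sendMessage, ...)
# is optional because malware configs often store only the base URL, as this one does.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)(?:/(?P<method>[A-Za-z]+))?/?$"
)


def parse_bot_url(url: str) -> Optional[dict]:
    """Return bot_id, full token and API method for a Telegram Bot API URL, else None."""
    u = urlparse(url)
    if u.scheme not in ("http", "https") or u.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],  # None when only the base URL is present
    }


def scan_proxy_log(lines, known_tokens):
    """Flag Telegram Bot API requests in 'ts src method url status' proxy lines.

    known_tokens: set of tokens pulled from extracted configs. A match on one of
    them is a confirmed C2 hit; any other bot-API request is flagged for review.
    """
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the hunt
        ts, src, http_method, url, _status = parts[:5]
        info = parse_bot_url(url)
        if info is None:
            continue
        severity = "known_c2" if info["token"] in known_tokens else "telegram_bot_api"
        alerts.append({
            "ts": ts, "src": src, "http": http_method, "severity": severity,
            "bot_id": info["bot_id"], "api_method": info["method"],
        })
    return alerts


# Constructed proxy log lines for illustration; they are not traffic from the report.
PROXY_LOG = [
    "2023-05-20T04:12:01Z 10.0.0.23 POST https://api.telegram.org/bot6174413593:AAEFJFfmmgKHkg-43MZw2Pt5EAT6z2Bs9Ug/sendDocument 200",
    "2023-05-20T04:12:05Z 10.0.0.23 GET https://checkip.dyndns.org/ 200",
    "2023-05-20T04:13:40Z 10.0.0.51 POST https://api.telegram.org/bot1234567890:ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/sendMessage 200",
    "2023-05-20T04:14:02Z 10.0.0.77 GET https://web.telegram.org/ 200",
]

if __name__ == "__main__":
    known = {parse_bot_url(C2_URL)["token"]}
    for alert in scan_proxy_log(PROXY_LOG, known):
        print(alert)
```

A proxy only sees the full path when it terminates TLS; without inspection the log holds just the CONNECT to api.telegram.org, and the hunt has to fall back to "endpoint process talking to the Telegram Bot API host" with the token confirmed later from the sample's config or memory.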

Targets

    • Target

      21b178d2c4a37e242aba83fb691e598e442539566e5bfabc30f7501798684b4d.exe

    • Size

      969KB

    • MD5

      5b3ac737f328169d7649cce8325e28e2

    • SHA1

      822909bee7ee451dd76dce5b77593a5b35153595

    • SHA256

      21b178d2c4a37e242aba83fb691e598e442539566e5bfabc30f7501798684b4d

    • SHA512

      30f215d2bf1050fb9c41e9fa61200c3f28942659aeef3df6e8a24798a4f34488af23ee3eae1907b9727da1835ba26f0e19fa80f97f4ba60ea4c563ffb35075ab

    • SSDEEP

      24576:5Bfsl4bUSXJwta8ItxAQ47VrfxpJ/CxxLI/2:/fslCJO5TQq/lCxxLI+

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and infostealer written in Visual Basic (.NET).

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

      Reads the registry keys under which Outlook stores account profiles, including server settings and stored credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and similar code-injection techniques.
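
The behaviour signatures above are what a detection engineer would turn into endpoint rules: each one is a process touching a resource that only the owning application has a reason to touch. The script below is an added example, not code from tria.ge or from the sample. It maps each signature on this page to a rule over constructed endpoint telemetry (the event layout, the sample's file path, the pids, and the FileZilla, Thunderbird, Chrome, Firefox, Outlook and IP-lookup locations are this example's assumptions about where those applications keep their data, not values the report says the sample touched), suppresses the owning application reading its own store, and gives a crude verdict from the combination of hits.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, Set

# One rule per behaviour signature on this page: (event type, pattern on the event target).
# The paths, registry keys and lookup hosts are assumptions for this example.
RULES = {
    "Reads data files stored by FTP clients": ("file_read",
        re.compile(r"\\FileZilla\\(?:sitemanager|recentservers)\.xml$", re.I)),
    "Reads user/profile data of local email clients": ("file_read",
        re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(?:logins\.json|key4\.db)$", re.I)),
    "Reads user/profile data of web browsers": ("file_read",
        re.compile(r"\\(?:Google\\Chrome\\User Data\\[^\\]+\\Login Data"
                   r"|Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json)$", re.I)),
    "Accesses Microsoft Outlook profiles": ("registry_read",
        re.compile(r"^HKCU\\Software\\Microsoft\\(?:Office\\[\d.]+\\Outlook"
                   r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles\\", re.I)),
    "Looks up external IP address via web service": ("http_get",
        re.compile(r"^https?://(?:checkip\.dyndns\.org|api\.ipify\.org|icanhazip\.com)(?:/|$)", re.I)),
    "Suspicious use of SetThreadContext": ("api_call", re.compile(r"^SetThreadContext$")),
}

# The owning application reading its own store is expected; only other processes count.
OWNERS = {
    "Reads data files stored by FTP clients": {"filezilla.exe"},
    "Reads user/profile data of local email clients": {"thunderbird.exe"},
    "Reads user/profile data of web browsers": {"chrome.exe", "firefox.exe"},
    "Accesses Microsoft Outlook profiles": {"outlook.exe"},
}


def match_rules(events: Iterable[dict]) -> Dict[int, Set[str]]:
    """Map each pid to the set of page signatures its events satisfy."""
    hits: Dict[int, Set[str]] = defaultdict(set)
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        for name, (etype, pat) in RULES.items():
            if ev["type"] != etype or not pat.search(ev["target"]):
                continue
            if image in OWNERS.get(name, set()):
                continue  # the application's own process; not a stealer read
            hits[ev["pid"]].add(name)
    return dict(hits)


def verdict(hits: Set[str]) -> str:
    """Credential-store reads combined with injection or IP discovery is the stealer pattern."""
    cred = {n for n in hits if n in OWNERS}
    other = hits - cred
    if cred and other:
        return "high"
    if len(hits) >= 2:
        return "medium"
    return "low" if hits else "none"


# Constructed endpoint telemetry (not from the report): the sample's file name from this page
# plus two legitimate applications touching their own data.
SAMPLE = r"C:\Users\victim\Downloads\21b178d2c4a37e242aba83fb691e598e442539566e5bfabc30f7501798684b4d.exe"
EVENTS = [
    {"pid": 4120, "image": SAMPLE, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "image": SAMPLE, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": SAMPLE, "type": "registry_read",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 4120, "image": SAMPLE, "type": "http_get", "target": "http://checkip.dyndns.org/"},
    {"pid": 4120, "image": SAMPLE, "type": "api_call", "target": "SetThreadContext"},
    {"pid": 2288, "image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 3316, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

if __name__ == "__main__":
    for pid, names in match_rules(EVENTS).items():
        print(pid, verdict(names), sorted(names))
```

The owner suppression is the part that keeps such rules usable: a sandbox reports that the data was read, but in production the question is which process read it, and a process that is neither the owning application nor a known backup agent is the signal. Image-name checks are easy to evade by renaming, so a real deployment would key the allow-list on signer or file hash instead.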

MITRE ATT&CK Enterprise v6

Tasks