General

  • Target: 5c08164a01b5a7f45e341d643e9cfc47.bin
  • Size: 500KB
  • Sample: 230523-brp8hadc77
  • MD5: 2d8f77ee5a029e2c6100ad0af792f7a6
  • SHA1: bf2acf332b5fcc34daee8ea65b7c01152cf289ba
  • SHA256: f3553c602336267db7fb39f0bc73accb9ded80a022f00d183b1d99d9e00bcce1
  • SHA512: 2dd9bf69f1896013ae2afeaae873e91230b6536ad1473830f532c48506051e160756069bbe1853321943c6d161b0bca0662d065db85913869cb54b8e18ca7c7d
  • SSDEEP: 12288:+uVnUTZNpirGq30FDoBngOcn+xhvCGFgueQpwtqstGpOuoV:+uBUT/Eb30FD0ngp+XqGjp4LuoV

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/

Targets

    • Target: b63331b6052cd2cdecf84fd9a481bc30a5c8404d09a5694700a6b79f5d76514a.exe
    • Size: 861KB
    • MD5: b23048bb519459d777ae29307d0f6d78
    • SHA1: cf7e4c2a83d7b7c31462ebc62a65dcfc310ac7d0
    • SHA256: b63331b6052cd2cdecf84fd9a481bc30a5c8404d09a5694700a6b79f5d76514a
    • SHA512: 3f37f77ccf19bfba6cfccafbdd5f7c0d455fde354c395c3e392bdefd72bbe0a1cb9ea8b00f585a2810e35bbea5168b4c846abc357f548e7e49477a3bfecfd023
    • SSDEEP: 12288:qYsOGRSljSNcQROzin29dM7RXYszkocbZ6:d/r8B4jV

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks