General

  • Target

    Nuevos pedidos_doc.rar

  • Size

    605KB

  • Sample

    230530-rlrgdaad2y

  • MD5

    f59317071e58c42696d4d21e2b319bdf

  • SHA1

    a347458173c198467713675a1fe9f65979283334

  • SHA256

    20e50795022cde9d5a030d3b52ac3ce8e10d4e214cfc1eff06785ed81aa6f9fa

  • SHA512

    cf71370e30defe0971336b326c82135b43a6b0e44ce84869bd33236df0431f9e3b8a57d6ad79af68ed224a053b54471f2705fc2b9a36e62135177cc34bc36783

  • SSDEEP

    12288:/UT6FDFIfuMn65ukHsWLrMnlJEJBw+sohRVZP0acYiS4Bu9Q7EVHzw:/U4jfHsWLrMLEw+sovPPc6OEVTw

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Nuevos pedidos_doc.exe

    • Size

      692KB

    • MD5

      f4f7317b1befc656a212061df869a1d7

    • SHA1

      894d4e580155006bf9e775162ccb1f675f4f545f

    • SHA256

      8cb05af5d5848832ac7006071a842f3566196a891cd232ff3602b550803e73c5

    • SHA512

      36dd647d496dd2ded846901613d793b7910272e507949d4cc809c85f92ff37d1af2b603df86d3f2e4b3d2b43996be52e29d6a7763953734134822a4e58fc8de9

    • SSDEEP

      12288:bsIduX2iNfmFx2iqNhujGjU2CFFmDsMwWu3PV3WlVN9hZKqnN1YjjA+vhHjj:bsIduX1lmFxUHZDrKdsjZKqnN1ELt

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks