Resubmissions

31/05/2023, 06:31

230531-g974xsdf9t 10

General

  • Target

    02035499.exe

  • Size

    815KB

  • Sample

    230531-g974xsdf9t

  • MD5

    ea4a5870ea5b2417a6ac0bbc7cc44be3

  • SHA1

    5e605904d1b0c797aac2b798319bb0c145a1b646

  • SHA256

    202494911805344069ceb189e70db6f89e17f55febe24dc4f42b3736c5b457a4

  • SHA512

    a96149dbfbce51b12c135428eefb05fa686d6fbf30e997c5e80ed3ae5f4f40bfb029aaf120ac43fbdb639ef876a6f20a32c5d904767349d4eedb62a29b4111d9

  • SSDEEP

    12288:zAMTihh6xhZ6OrlZKZXzlKwkHaG0M+NHG12wQ0l2qaMMJfiRoCJqJ7gwJBT3qrb+:0MUgh8ylZKhRC5J2Qle9JKRFJZw

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    marcellinus360

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks