General

  • Target

    41b402f4dd2d4499d2cf8a2c767011be.bin

  • Size

    1.2MB

  • Sample

    230606-bkylasbd79

  • MD5

    3cfbf02778bffaf87fc10797963fd138

  • SHA1

    f73193b29c9851b15270761c71fb99ddb9e8b3bc

  • SHA256

    3558af2ffcf7c93d5c4989d1a1554dfb8be9c0c4a4c551a9f1afc4679412e4e2

  • SHA512

    f2b7e62e683d10477f67e52d5c1c8ea7a696b267085f328e13a500fed27f745bbea02289e14ae45f9920b2d916da587e3bd1b22ba31fa24675cd463d7ecc5e71

  • SSDEEP

    24576:3ItLcUHS31pZszkzYeDu9O3dYXb2MF4lQtYSe4r4WByjMoNNZVYz:A6l5Y6uEN8F46tY74rzmMeNZ2

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      601dc4de31bcaa59570d7ec039396da0c846daa9fca986721617c2574d7c11f6.exe

    • Size

      1.3MB

    • MD5

      41b402f4dd2d4499d2cf8a2c767011be

    • SHA1

      04f6f1876dc2ad221f05f0e9c9dd706551860988

    • SHA256

      601dc4de31bcaa59570d7ec039396da0c846daa9fca986721617c2574d7c11f6

    • SHA512

      c1581dd70691159f51357f9af57295a4399883abd46d869d118b4f30698341f0a58b7667ac10ceacc749dc47c8e2c023b54165cb905521578e146ba2bb4243ea

    • SSDEEP

      24576:NTbBv5rUan8ztIMs1hgtrCxDKvMrBW4ey2Tygt90e+hoxktMpO:HBj8ztI0RCkvMr8Maygt+HYO

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks