General

  • Target

    Order # CCI-1260584.exe

  • Size

    724KB

  • Sample

    230607-lfbwvahd65

  • MD5

    89b3a3650105f363fa99624f7c122b7e

  • SHA1

    896232e9d46e96fb725027380cc56cc73ae3ace9

  • SHA256

    816dcc8bb5070ed2db687bdb064a383c946c8183f5e0c089f2453653be8a3086

  • SHA512

    a3a07c7679dc90b78d4a963fb750e2e72003ab119ff774a99db47483bbfcda1b53cdd9b205da0b6feac29503828b7b1dda3c28e9fbfdc451327ffbc8faa5ff4c

  • SSDEEP

    12288:60+J/M+Jhewx/NscEQ+vgXK1HsaP2XigKw/HDrnTfehVwWRkAUqT6c2sKoRjpt6s:M/thewlqB6p8W/jjTf6V/Ul9sK0t6LoJ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks