General

  • Target

    test.exe

  • Size

    734KB

  • Sample

    230607-ve4pxadc23

  • MD5

    005c45c7069070fe6ad1f112a16f135c

  • SHA1

    a023833da6bc0ecbaa674be65bdfd75b0df7b9bb

  • SHA256

    fd987d623939a8b69f25a2b8350fb6e76a51e77545add40658fc60f00950d625

  • SHA512

    fef81ef730e17f1a71f47c2c75be4f25c31a66f2d372fc4a249546c0234c37034627d070412c0a62c492bdfb9a0d0930e1e9ad9489d6c79642c65d28c8dfeb9e

  • SSDEEP

    12288:5XiGDGvPSL84r6h7okw3DmKyhouWMNR5ZcnFzFJ+RsuDv5YQVqsjKx:5XvDGCLbr6h73klHuZ2nFf+RJvuQF4

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
