General

  • Target

    804152064.zip

  • Size

    658KB

  • Sample

    230609-j6pjhsbe98

  • MD5

    d2b476e328f06b3227e427b29acbd380

  • SHA1

    119ce5dc688bd534d068051fe6441303451c1f29

  • SHA256

    02c82d7b7be7553259a42370f46fb351f5c65fe771c1d6616fefa3f19fd542dc

  • SHA512

    e4bcea5a988ace4a0ac7a938ed4291fe6a7c0f74a3b0b4c94ee8a37cec362a4a6a04738d5c6e34749f3f57bbcebd7b5456c8a8846e446ec32a8cbab81d487a3e

  • SSDEEP

    12288:wKYvfDBWFPutyu2CpA97e758QDA55tkTpR7b/iMIGJu3hEaEtPE0s0WsE+hu+:w5vfDBsGtp2D97eV8QDkGEmM0s0dESu+

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      804152064.exe

    • Size

      723KB

    • MD5

      331bc06d67e4078e0779a9a0a5d355b5

    • SHA1

      475924a69dee5e4a4ab1a66c944068fa2111db68

    • SHA256

      ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f

    • SHA512

      8e30912ab46b825292955ad70f816a8a12171692272af563181630a4ec0e24de2dbb240c8cfbf666e6233fc9c58858d88de53164dde82a804066c842501c8fee

    • SSDEEP

      12288:sk+J/M+Jhewx/NscEQ+vgXK1HsaPbntTjlFhush1nPTs8HlaxYvR1toDvll2Hvk/:sl/thewlqB6pGjlfusbrs8UYvREblivu

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.

    • Checks computer location settings

      Reads the country code configured in the registry (the Nation value under HKCU\Control Panel\International\Geo), most likely to geofence execution by victim region.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the registry, from which Agent Tesla harvests saved mail-account credentials.

    • Adds Run key to start application

      Writes a value under a ...\Software\Microsoft\Windows\CurrentVersion\Run key so the payload is relaunched at logon (persistence).

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected host's external IP address, which the stealer reports alongside harvested credentials.

    • Suspicious use of SetThreadContext

      SetThreadContext called against a thread of another process, typically after CreateProcess with CREATE_SUSPENDED and WriteProcessMemory and before ResumeThread, is the hallmark of process hollowing: the unpacked payload is run inside a fresh, legitimate-looking process.
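
The behavioural signatures listed above are derived from API and registry activity observed in the sandbox. The following added example (not code from the tria.ge report or from the Agent Tesla sample) shows how each of the five hits can be matched from a simplified API trace. The event format, the API names, the IP-lookup host list and every path and value in SAMPLE_EVENTS are assumptions constructed for illustration.

```python
"""Minimal behavioural-signature matcher over a constructed sandbox API trace.

Added example, not part of the report. Event shape (pid, api, args) and all
sample values are assumptions modelled on typical Windows API monitoring output.
"""
import re
from urllib.parse import urlparse

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by process hollowing

# Hosts of well-known public IP-lookup services commonly queried by stealers.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}

# The three calls that, against a child created suspended, complete a hollowing.
HOLLOW_APIS = {"WriteProcessMemory", "SetThreadContext", "ResumeThread"}

# Constructed sample trace: (pid, api, args). Paths and values are made up for
# illustration and are not taken from the report.
SAMPLE_EVENTS = [
    (1234, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    (1234, "RegOpenKeyExW", {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"}),
    (1234, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                              "value": "Updater", "data": r"C:\Users\Admin\AppData\Roaming\updater.exe"}),
    (1234, "InternetOpenUrlW", {"url": "http://api.ipify.org/"}),
    (1234, "CreateProcessW", {"path": r"C:\Users\Admin\AppData\Local\Temp\child.exe",
                              "flags": CREATE_SUSPENDED, "child_pid": 1300}),
    (1234, "NtUnmapViewOfSection", {"target_pid": 1300}),
    (1234, "WriteProcessMemory", {"target_pid": 1300}),
    (1234, "SetThreadContext", {"target_pid": 1300}),
    (1234, "ResumeThread", {"target_pid": 1300}),
]


def match_signatures(events):
    """Return {signature name: [evidence, ...]} for a list of (pid, api, args) events."""
    hits = {}

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    pending = {}  # (pid, child_pid) -> hollowing APIs seen against a child created suspended
    for pid, api, args in events:
        key = args.get("key", "")
        if (api.startswith("RegQueryValueEx")
                and re.search(r"\\International\\Geo$", key, re.I)
                and args.get("value", "").lower() == "nation"):
            add("Checks computer location settings", key + r"\Nation")
        elif api.startswith("RegOpenKeyEx") and re.search(r"\\Outlook\\Profiles(\\|$)", key, re.I):
            add("Accesses Microsoft Outlook profiles", key)
        elif api.startswith("RegSetValueEx") and re.search(r"\\CurrentVersion\\Run(Once)?$", key, re.I):
            add("Adds Run key to start application", f"{args['value']} = {args['data']}")
        elif "url" in args:
            host = (urlparse(args["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                add("Looks up external IP address via web service", host)
        elif api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            pending[(pid, args["child_pid"])] = set()  # remember the suspended child
        elif api in HOLLOW_APIS:
            k = (pid, args.get("target_pid"))
            if k in pending:
                pending[k].add(api)
                if pending[k] == HOLLOW_APIS:  # write + SetThreadContext + resume all seen
                    add("Suspicious use of SetThreadContext",
                        f"pid {pid} hollowed suspended child {k[1]}")
                    del pending[k]  # report each hollowed child once
    return hits


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {'; '.join(evidence)}")
```

The hollowing rule deliberately requires a CREATE_SUSPENDED child before counting WriteProcessMemory, SetThreadContext and ResumeThread, so a lone SetThreadContext (debuggers and some legitimate runtimes use it) does not fire by itself.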

MITRE ATT&CK Enterprise v6

Tasks