
General

  • Target

    c885f9ee8ec4d3b7e91959611a7fce1e.bin

  • Size

    289KB

  • Sample

    230617-b5wx7shg45

  • MD5

    1664f74574bb51152f2d49923026792c

  • SHA1

    689e615b66cfe31428338ba455146350300da0c8

  • SHA256

    a4e11e3962f352ddd5a24f8117cf1c287107ec97989f5cdd86a3838971fb327c

  • SHA512

    6d1df5c25e3eb7edf71c5ff396f3c0654a345c0b6169cef916c5da559faea7df48ed9cd895a63fe1f77e5be3c0c9fa53842813cebee8b06a22882e2744d5da4a

  • SSDEEP

    6144:tIbeiSic5dTQS68/A5UTG50JPWy3/0wKdmZ7mtEYBHLezpy:3X7TQSyEnbKdmluvBrezc

Malware Config

Targets

    • Target

      0f9d70ee323db5f11fa245c6f6f0c3d485fca200e9dbb819e95cc5597e542b3c.exe

    • Size

      330KB

    • MD5

      c885f9ee8ec4d3b7e91959611a7fce1e

    • SHA1

      d3db0fd2da8935d8e73bebf35e9f5e247a7cb1da

    • SHA256

      0f9d70ee323db5f11fa245c6f6f0c3d485fca200e9dbb819e95cc5597e542b3c

    • SHA512

      7506f321d88ff385e444c49126847ecf12a357c2eab642f0048d40023d878206894b3c34be1952ef719d668b4113b5b2d6227dd0a13e6609ad876cf1b80dea99

    • SSDEEP

      6144:wYa6KK5E7iEZfPfEAsocHa8jKY8ERL7JASTG4thjjEO7zs4kXv:wYIoE2TCbh8ZAgfpjEOs5f

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and infostealer, originally written in Visual Basic.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files belonging to FTP clients such as FileZilla, which store saved server logins.

    • Reads user/profile data of local email clients

      Email clients store user data, including saved account credentials, on disk, where infostealers frequently target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and cookies.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
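A small detection routine, added here as an example and not part of the tria.ge report or its scoring engine: it replays constructed sandbox-style events (file reads, registry operations, HTTP requests, API calls) against rules modelled on the behaviour signatures listed above, maps the hits to ATT&CK technique IDs, and produces a rough verdict. The event format, file and registry paths, the ATT&CK mapping (current technique IDs, not the v6 numbering the report header refers to) and the verdict thresholds are all assumptions of this example.

```python
import re
from collections import defaultdict

# Rules keyed by the signature names from the report above.
# Each rule is (event type, case-insensitive regex over the event's target).
# Paths are assumptions chosen to match common credential-store locations.
RULES = {
    "Adds Run key to start application": (
        "registry_set", r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"),
    "Reads data files stored by FTP clients": (
        "file_read", r"\\FileZilla\\(recentservers|sitemanager|filezilla)\.xml$"),
    "Reads user/profile data of web browsers": (
        "file_read",
        r"\\(Google\\Chrome\\User Data\\.*\\Login Data|Mozilla\\Firefox\\Profiles\\.*\\logins\.json)$"),
    "Reads user/profile data of local email clients": (
        "file_read", r"\\Thunderbird\\Profiles\\.*\\logins\.json$"),
    "Accesses Microsoft Outlook profiles": (
        "registry_read", r"\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\"),
    "Looks up external IP address via web service": (
        "http_request", r"^https?://(api\.ipify\.org|checkip\.dyndns\.org|ip-api\.com)(/|$)"),
    "Suspicious use of SetThreadContext": (
        "api_call", r"^SetThreadContext$"),
}

# ATT&CK mapping (assumption: current technique IDs, not Enterprise v6).
ATTACK_MAP = {
    "Adds Run key to start application": "T1547.001",
    "Reads data files stored by FTP clients": "T1555",
    "Reads user/profile data of web browsers": "T1555.003",
    "Reads user/profile data of local email clients": "T1555",
    "Accesses Microsoft Outlook profiles": "T1555",
    "Looks up external IP address via web service": "T1016",
    "Suspicious use of SetThreadContext": "T1055.012",
}

CREDENTIAL_SIGS = {
    "Reads data files stored by FTP clients",
    "Reads user/profile data of web browsers",
    "Reads user/profile data of local email clients",
    "Accesses Microsoft Outlook profiles",
}

# Constructed sample events, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "api_call", "target": "SetThreadContext"},
    {"type": "file_read", "target": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"type": "file_read", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "target": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"type": "registry_read", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "registry_set", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "http_request", "target": "http://api.ipify.org/"},
    {"type": "file_read", "target": r"C:\Windows\System32\kernel32.dll"},  # benign noise
]


def classify_events(events):
    """Return {signature name: [matching targets]} for every rule that fires."""
    hits = defaultdict(list)
    for ev in events:
        for sig, (etype, pattern) in RULES.items():
            if ev["type"] == etype and re.search(pattern, ev["target"], re.IGNORECASE):
                hits[sig].append(ev["target"])
    return dict(hits)


def attack_techniques(hits):
    """Sorted, de-duplicated ATT&CK IDs for the signatures that fired."""
    return sorted({ATTACK_MAP[sig] for sig in hits})


def verdict(hits):
    """Illustrative triage: reads of two or more credential stores combined
    with persistence or an external IP lookup is the classic infostealer shape.
    Thresholds are this example's assumption, not tria.ge's scoring."""
    cred = len(CREDENTIAL_SIGS & hits.keys())
    staging = ("Adds Run key to start application" in hits
               or "Looks up external IP address via web service" in hits)
    if cred >= 2 and staging:
        return "likely infostealer"
    if cred >= 1:
        return "suspicious: credential store access"
    return "no infostealer indicators"


if __name__ == "__main__":
    h = classify_events(SAMPLE_EVENTS)
    for sig, targets in h.items():
        print(f"[{ATTACK_MAP[sig]}] {sig}: {targets}")
    print("verdict:", verdict(h))
```

Each rule is deliberately narrow (a Run key write, not RunOnce; a specific credential file, not the whole profile directory) so that ordinary software touching its own profile does not trip it; the kernel32.dll read in the sample set is there to show that noise falls through.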

MITRE ATT&CK Enterprise v6

Tasks