General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.32375.31243.exe

  • Size

    844KB

  • Sample

    230627-tdxpjaff4t

  • MD5

    4533b49ce0a3180c1779db32a63aaeba

  • SHA1

    03a420e47d6f58d0e3d6d6c76af3420dc81313f1

  • SHA256

    25277f616af1f7335329651071b68e7c202f7cf32896ab437cabe5a32c760a9e

  • SHA512

    6fe5cd708746988506a52e72242ca70140396260b9cf25dc2554b1eb2731ffe97e4bc65c4e1e1dcc7a525c0777dd7a6d99b99d5ca59467dc02e5c92c5cd73e99

  • SSDEEP

    12288:Vv37AaypPsLxWPMOXYqttmlaoMudaCpJUerZsJ0T55:lA5pgxWPJXPtmlazWauJUeru

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.32375.31243.exe

    • Size

      844KB

    • MD5

      4533b49ce0a3180c1779db32a63aaeba

    • SHA1

      03a420e47d6f58d0e3d6d6c76af3420dc81313f1

    • SHA256

      25277f616af1f7335329651071b68e7c202f7cf32896ab437cabe5a32c760a9e

    • SHA512

      6fe5cd708746988506a52e72242ca70140396260b9cf25dc2554b1eb2731ffe97e4bc65c4e1e1dcc7a525c0777dd7a6d99b99d5ca59467dc02e5c92c5cd73e99

    • SSDEEP

      12288:Vv37AaypPsLxWPMOXYqttmlaoMudaCpJUerZsJ0T55:lA5pgxWPJXPtmlazWauJUeru

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile registry keys, where saved mail account settings and credentials are stored.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Replacing a thread's context in another process is a common step in process injection (process hollowing); debuggers also use this API, so the surrounding call sequence matters.
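The three behavioural signatures above are the kind of thing a sandbox or EDR flags from an API-call trace. The following is an added example, not tria.ge code and not from the sample itself: it runs simple detection logic over a constructed trace whose line format (`pid api args`), the assumed list of IP-lookup hosts, and the hypothetical child pid/tid values are all my assumptions for illustration. The hollowing check requires the full chain (suspended child, memory written, context replaced, thread resumed, all by the same parent) rather than firing on SetThreadContext alone.

```python
"""
Detection logic over a constructed sandbox API-call trace.

Flags the three behaviours listed in the report above:
  * process hollowing style injection (SetThreadContext on a suspended child)
  * external IP lookup via a public web service
  * access to Outlook profile registry keys
"""
import re

# Constructed sample trace for this example (not from tria.ge).
# Line shape "pid api args" and the pid/tid values are assumptions.
TRACE = """\
1234 RegOpenKeyExW HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook
1234 CreateProcessW C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe flags=0x4 pid=5678
1234 NtUnmapViewOfSection pid=5678
1234 WriteProcessMemory pid=5678 addr=0x400000 size=0x8000
1234 SetThreadContext pid=5678 tid=5679
1234 ResumeThread pid=5678 tid=5679
5678 InternetOpenUrlA http://api.ipify.org/
5678 InternetOpenUrlA http://checkip.dyndns.org/
"""

# Assumed set of public "what is my IP" services; extend for your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}
OUTLOOK_PROFILE_RE = re.compile(r"\\Office\\[\d.]+\\Outlook\\Profiles", re.IGNORECASE)
CREATE_SUSPENDED = 0x4  # CreateProcess dwCreationFlags bit


def parse_trace(text):
    """Split each non-empty line into (pid, api, args)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split(" ", 2)
        events.append((int(pid), api, args))
    return events


def detect_hollowing(events):
    """Return child pids that were created suspended, written to, had a thread
    context replaced, and were then resumed, all by the same parent pid."""
    suspended = {}  # child pid -> parent pid
    written, ctx_set, hits = set(), set(), []
    for pid, api, args in events:
        if api == "CreateProcessW":
            m_flags = re.search(r"flags=0x([0-9a-fA-F]+)", args)
            m_pid = re.search(r"pid=(\d+)", args)
            if m_flags and m_pid and int(m_flags.group(1), 16) & CREATE_SUSPENDED:
                suspended[int(m_pid.group(1))] = pid
        elif api in ("WriteProcessMemory", "SetThreadContext", "ResumeThread"):
            m = re.search(r"pid=(\d+)", args)
            if not m:
                continue
            target = int(m.group(1))
            if suspended.get(target) != pid:  # only track the parent's own suspended child
                continue
            if api == "WriteProcessMemory":
                written.add(target)
            elif api == "SetThreadContext" and target in written:
                ctx_set.add(target)
            elif api == "ResumeThread" and target in ctx_set:
                hits.append(target)
    return hits


def detect_ip_lookup(events):
    """Return (pid, host) for HTTP requests to known external-IP services."""
    hits = []
    for pid, api, args in events:
        if api.startswith("InternetOpenUrl") or api.startswith("WinHttp"):
            m = re.search(r"https?://([^/\s]+)", args)
            if m and m.group(1).lower() in IP_LOOKUP_HOSTS:
                hits.append((pid, m.group(1)))
    return hits


def detect_outlook_profiles(events):
    """Return pids that opened an Outlook Profiles registry key."""
    return [pid for pid, api, args in events
            if api.startswith("RegOpenKeyEx") and OUTLOOK_PROFILE_RE.search(args)]


def run(text=TRACE):
    events = parse_trace(text)
    return {
        "process_hollowing": detect_hollowing(events),
        "external_ip_lookup": detect_ip_lookup(events),
        "outlook_profiles": detect_outlook_profiles(events),
    }


if __name__ == "__main__":
    for name, hits in run().items():
        print(f"{name}: {hits}")
```

On the constructed trace this reports the child pid as hollowed, both IP-lookup hosts from the injected child, and the parent's Outlook profile access. Real traces need the same chain logic: SetThreadContext by itself is also used by debuggers and some legitimate runtimes, which is why the report labels it only as "suspicious".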

MITRE ATT&CK Enterprise v6

Tasks