General

  • Target

    Proforma Invoice.7z

  • Size

    1.1MB

  • Sample

    230630-fx3s1ahb21

  • MD5

    cf32f3762a1d04e82d111fa81aeca038

  • SHA1

    6269964e02648baac95f26a8deb6d44b829e799f

  • SHA256

    019c57e34c7c90f5c3e02d3ffb68fee20b4ffe36e318f532e877c09d55aac959

  • SHA512

    7f1f8797b14a62af3e26372b7c96fe4b3958480030053b44b170fa734460b1e595ed9c76f2c4e47fc76b534554a9bedd69662442dde7b252567a130165e81319

  • SSDEEP

    24576:Lw6w3duXTTrTH7+shDC4DgPzdMD2yjyncecaV1plNZBJ0z3:Lz2ATTrz7+YlE+j8ceca/NZBJ07

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Proforma Invoice.exe

    • Size

      1.3MB

    • MD5

      0dcce5c54658fc8e2282b8f737e93be5

    • SHA1

      622ed85d5cba99ac24d691b98b71ab7080074161

    • SHA256

      eb2e0bf52e69c88784e19aef53a2c0330d3151ce8d448c5c45de44f3fc965aa0

    • SHA512

      18307f094d771b865853a821bdb2f1dd885366208e44789787746e0a0b172e61597cb00b60c5e591a8c86aef17cf5241994659c1e92e6d9dc8c8354a876cd05f

    • SSDEEP

      24576:uVp0K8s6owsmKZw2XXPUOgnwy45hbCbsfeHzYTuxa1y+ceBwDdplNMn0:uVp0K8s6owzInPUOgwy4fVWa1jceBw9D

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks