Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    TT PAYMENT.exe

  • Size

    1.1MB

  • Sample

    230630-qk46each97

  • MD5

    120ebce72710d7ff3d5b004b28f8cdb3

  • SHA1

    1b4b48d514cd6ddce5fb5960191909019e86c79f

  • SHA256

    17b85440e830fbef06c68240cf0024dad39a394409980195c360c0084c4be907

  • SHA512

    41ec5d6abf80c7c7a73c6342ff04bbc55ceb96d5cd5826c110c9a724a46cf9514c5da2a148fdf5e1342303b7c9a6aebe0a4ded364964fd2dc0d49f366fbd2b14

  • SSDEEP

    12288:XjUPKl/CRhFk76tVXQeOiZ8KrkrU5ZowzT8Ga5iCOpSfRE1FTW+Yf/eKq/Crecgx:XjUS5GIKVX0SDkwsN645CFO+fCSD9mO

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      TT PAYMENT.exe

    • Size

      1.1MB

    • MD5

      120ebce72710d7ff3d5b004b28f8cdb3

    • SHA1

      1b4b48d514cd6ddce5fb5960191909019e86c79f

    • SHA256

      17b85440e830fbef06c68240cf0024dad39a394409980195c360c0084c4be907

    • SHA512

      41ec5d6abf80c7c7a73c6342ff04bbc55ceb96d5cd5826c110c9a724a46cf9514c5da2a148fdf5e1342303b7c9a6aebe0a4ded364964fd2dc0d49f366fbd2b14

    • SSDEEP

      12288:XjUPKl/CRhFk76tVXQeOiZ8KrkrU5ZowzT8Ga5iCOpSfRE1FTW+Yf/eKq/Crecgx:XjUS5GIKVX0SDkwsN645CFO+fCSD9mO

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks