
General

  • Target

    0667f28a0d30bacde293358f9fe655f0650fed4efd2ffbdf25123ae10350b50e.exe

  • Size

    266KB

  • Sample

    230703-p84n4sgd98

  • MD5

    cbcf7349a287adfbdb49c5bfbdd370ca

  • SHA1

    3fb0aacfaddf5b88c9ec9b8714ea32e7e4661977

  • SHA256

    0667f28a0d30bacde293358f9fe655f0650fed4efd2ffbdf25123ae10350b50e

  • SHA512

    15050493942dac65a7ec554deadbb2fa06a78f1a9d6ff8d0ff74d6ceacbb8c8d473bb0aa39b7136afef942a33c6303adae5868399546b4fd092754dc4af81265

  • SSDEEP

    6144:/Ya6gY4l4+x/yE/L6J1D8xTYUFnRr9ATJmsdFu3s99vWtmS/:/Y2Y4l4+xaOM1D8xTHaTJmUucHS/

Malware Config

Targets

    • Target

      0667f28a0d30bacde293358f9fe655f0650fed4efd2ffbdf25123ae10350b50e.exe

    • Size

      266KB

    • MD5

      cbcf7349a287adfbdb49c5bfbdd370ca

    • SHA1

      3fb0aacfaddf5b88c9ec9b8714ea32e7e4661977

    • SHA256

      0667f28a0d30bacde293358f9fe655f0650fed4efd2ffbdf25123ae10350b50e

    • SHA512

      15050493942dac65a7ec554deadbb2fa06a78f1a9d6ff8d0ff74d6ceacbb8c8d473bb0aa39b7136afef942a33c6303adae5868399546b4fd092754dc4af81265

    • SSDEEP

      6144:/Ya6gY4l4+x/yE/L6J1D8xTYUFnRr9ATJmsdFu3s99vWtmS/:/Y2Y4l4+xaOM1D8xTHaTJmUucHS/

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks