General

  • Target: Quotationr00.r00
  • Size: 502KB
  • Sample: 230704-xxymqagc79
  • MD5: b7ce6e26c0eb722140a81c68b4da7e26
  • SHA1: 6c6177218433279d4d34fb5a8149ccb9eb2eb653
  • SHA256: ec97365b20eff61a64e5b9a02e53f1849345612012cfa652030c58c945a8089c
  • SHA512: 4d21b17263722247c9270fb35ef31cf47912fb22a6a9df12573cec78d3f58ed4e1861ec8213a77b85b9ac6fafc369d7398cc6f57fd7b181c1904a7ceb7781739
  • SSDEEP: 12288:21eQFaMwn8sWGj8vV16mHlyn9fj2krrG7:KM8sWQuqmHUB9G7

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: Quotation.exe
    • Size: 831KB
    • MD5: 0b01741f707a7204f673814ed3257bd0
    • SHA1: e3a26c4e967ea85eeb07bede52ad99d07b1f5258
    • SHA256: e3a4d27630c1d1f5f57a8d490047380ffd6f813b6ffa9eb554632ac915a61447
    • SHA512: be5c717978de2422c6b227fca411a3da058429546502f1911cc2a85c11d2b4b0ea858e8d0f3ca5bc1d3c5a6da3378190e2e676157299777e0edb01c297ed428a
    • SSDEEP: 12288:cfGb3nsa9x1LsqbkGweSJ3hs0bUZEZ1BthUhCmdjRlilfa6PkQ4:UGwJ3hfbUyt0lOc77

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks