General

  • Target

    TT.gz.exe

  • Size

    147KB

  • Sample

    230717-grflysbb5x

  • MD5

    841bc4b28567bc672d71cd8a86318236

  • SHA1

    80ff2c2f2e6a5fb63f9d067b158410549ce3a9fd

  • SHA256

    477a2d13d980cac6ec09b09eda410ea674cb8aa69da8a1e6e2a80fcf3b290c9a

  • SHA512

    35660c01c79abad13d99757c4854092b6e3f8f736b892a92f7b6cf0f50a608e4f966f032aeefc3403e4bbda98f604ec25efed1feb5f329fcdbb02fd4bc33b479

  • SSDEEP

    3072:oxmMRd5YFofTo4dXqJYNebTdz8rlmMtcDdNM8x/8v:osMRX04dXgYNeixbtcRNMz

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks