General

  • Target

    PURCHASE ORDER.pdf.rar

  • Size

    567KB

  • Sample

    230717-h1cgbsaf39

  • MD5

    03b52383fdbc16cce0d0321df47f8cb8

  • SHA1

    5fa1735dcdb616d3f0c7adec5c6d69e12e300492

  • SHA256

    5be83ffe52e6517112f47fbda458f69711f7817f64520810b4254f467b0b6fcd

  • SHA512

    bd24634470f6e1c03a98bea2cfe5d319ae7d2700a3396ad4f7da3646852d430a7490a6f6fffff9c75603c997ce0aa667dd0c0833b803c6fbc8ea47b3af757747

  • SSDEEP

    12288:syLztH25YdfxOcWGjUk0ZvGwU4M6iSgfEhUmmVdwtDwJam9h:syLRW5Yt4cWMwli3fSUmxtD8f

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PURCHASE ORDER.pdf.exe

    • Size

      609KB

    • MD5

      cc1654f37d3a19d363abae9afd112788

    • SHA1

      1906b798cb71daffe4aa209383467b5dd6f19678

    • SHA256

      ec57c2de3349840ec8ac00000c964ba5c68cda5b954f6ea4ca3ced7098257286

    • SHA512

      5d0a27f73ebd2e3ec0fe120ee2a5e842fa9d73e3a64f003bfb670262e24f46386fd571576da1e0e5aaeca2d1d6bafd7104ea0d3ba6e4c1eab3cf806847689b3a

    • SSDEEP

      12288:czP5fztK7xB73farrIiPBMFCQ4INiqI/V:e5fRKdBbCr0iAJNDa

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks