General

  • Target

    DHL_Doc.rar

  • Size

    512KB

  • Sample

    230801-k2cjtseg72

  • MD5

    dc9e352339341f7d1cdd9ec6e7e5e07c

  • SHA1

    e7c28f102c9d7daac9993c9bbf63a84c9a9da326

  • SHA256

    acbf15c97bf58b8232d5446cf977c31442d239153b5eed6d44273b85212d754e

  • SHA512

    897419e99ca5e3a54c8dc578a6bc2b8768d8c62c55b32e7da4f833a3a5e473c165eab47de0639193442be8ee820590bb779ad9f8c5c869d1bedb2f000d370eee

  • SSDEEP

    12288:VPiX6cGV4ZK7TWdH3ArXa7YGJ+xW34ny4StfGsAa:Vi6pCKOdHwGxgxWHJfGsAa

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      DHL_Doc.exe

    • Size

      555KB

    • MD5

      d0a1d49d933944acae0f8a5f357f3afe

    • SHA1

      758867fed338a4fe9ebde2b252fb17ea99e4e2cb

    • SHA256

      e163660f2b270299aa1ff5846e0b7b8d9eac1f91ad2d3f5cfe3cfc261123bdcf

    • SHA512

      9862f092f38ffc1c42e2600361e34ae8f1e9f0507035150ed54fda6b0bbf0168de427fbf2047fbea800f30b142e7aa77eb9b0517b79ae3453bd8f036aad19085

    • SSDEEP

      12288:NlVv6NZcuDVsfhoTEJy9HcuJomeGJd68pxW7sJBqhjiYqOLt+icsVB:1Cvc6+fST8G8zm/cGM7sJBqhe3mtG

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks