General

  • Target

    Purchase Order_sk1109811.exe

  • Size

    1.4MB

  • Sample

    230815-lcgmxsbh9z

  • MD5

    8306babc704fd78660862c0c4213a924

  • SHA1

    e930d227cfb29a2b7c358fbbecee898f8bc0c3b6

  • SHA256

    0a11257873d5786d74c6521640664c516fbd058aba5677bb2487f9b6be197508

  • SHA512

    1f7cc8fbb29eb5502801592377728bfab38f4ca65c39a2ba3d1ee4aefe51e76a416efa77c80878d8ae4ef5e155bfc4110afa33a73de6fc93ec466cfe5dd172a9

  • SSDEEP

    24576:TaOgu/O+YeZxqcKZOUmRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppUOv+Wk:mu2+YerqTGRs6CE3jLbO9Rs6CE3jLbO4

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Purchase Order_sk1109811.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks