General

  • Target

    SWIFT COPY MT103.pdf.exe

  • Size

    585KB

  • Sample

    230817-gn7ahaff83

  • MD5

    ecfa344adc08c80b1717abc337753e9b

  • SHA1

    51ace356a871e5831eab17758ff982130f542ed1

  • SHA256

    0246246b1452e63b1eea7a93f73e9edfde5e1b4c41d32d44ea100aa0ba7d4b3b

  • SHA512

    14754c4e73c523cf011018f8ea0010219540df69821b96c19bded399d2fcdff5afcfe303c220a77b2ecd64ab203f8eeb63e18ba7d180f8f6488943364a63c0e5

  • SSDEEP

    12288:C7EYqCDl+CDfeY7oiNG3bHfiBmg54cZMl3OXIcDpAafwYaeMZ0U:43v7oi83bHfag3O4e2afwYFy0U

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5752794370:AAGHbBIUSUvwQW5dpdi3bNZyPbHwpEPD5r0/

Targets

    • Target

      SWIFT COPY MT103.pdf.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks