General

  • Target: agent
  • Size: 79KB
  • Sample: 230901-wqafwagg79
  • MD5: d4cd720a666d79b2ab49106c8a9f36f6
  • SHA1: 9098478ffab34d0d9e334dce3cd1769b86be166b
  • SHA256: e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0
  • SHA512: 586ef5a136c0d1ab918af6745ad8ab2c922fddff4748a495c5e183c9dae608d0cf3dd7c642b8212e63cdc003f93f64f9b3b19c5250468e699e5c07d1c6f84f61
  • SSDEEP: 768:vljP1pmjALZy6prdO7K+tJpN201s9jmHt8N5zg7de8Aaiqk329ZvUDJK9BHXYpoz:vsuHQelfUAauuVU0TKoLOIrdppmdQ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: agent (hashes as listed under General above)

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks