General

  • Target

    765a7f3426de3365b870cc99538eda74_JC.bin

  • Size

    668KB

  • Sample

    230902-nnry5scf92

  • MD5

    4966d2a220b9c54bf5cbf3eaac27ef08

  • SHA1

    014dc76255c4d1f76c655e214b391366a3eaf7e6

  • SHA256

    00c221397492400a9c49bd46074f4bcd123a0159351f75047ae77afccbf590e2

  • SHA512

    a88735d07eebba97552d2680cde752cb634989a91be44dc5948ba67261a5fb7c809afbf1884e682a3f24ae8687ef7ba6ddf145147fad7b1805f51e480253b8ec

  • SSDEEP

    12288:OYJ57mCysk0CFlsuQ0Ufbbwwf3pOsF6f3dEXb03APDKFW+q6Gla2am6o1dPikKG0:77fysrKl0nwwfZBi3dC0c+FW+4aXoG

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PO#006543678.exe

    • Size

      805KB

    • MD5

      f8cb5d6d15cc29e2fa8f5fa441440ab1

    • SHA1

      4c4d0691d1921bddecaffc6a969e4c992a1b0022

    • SHA256

      faaa913f0d90b0848bb2ccb743fc3f14d93c21c0085b569dac67cbc14273624f

    • SHA512

      a616a717ee6638cf8344a63d48fcf2ffe0f02ce20f47b30f23c40abe45d2c6c2648b70addb13ae14f3468bd9813337441a8ad3873ab34e178021ce450891a19e

    • SSDEEP

      24576:NUOPypIzgWUgZxIo6aqApySa+m3mHl67BnrE:NUOPypIzDUex79rpyiErE

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks