General

  • Target

    1693844525085627b7cf9bc306aa266e9305a77ee0a76dfb7cfee5affb59f76267a08f6833347.dat-decoded.exe

  • Size

    274KB

  • Sample

    230904-tvtdfahf95

  • MD5

    9f0aeff878befa2b72bbc2405581d78b

  • SHA1

    2eeb08f4869864d14cab38d73dc539cde3077f60

  • SHA256

    a1528f5de37b949354a3cdd6e72ac966b4a0ec675d7a23b67af482ddcb94616d

  • SHA512

    a5a4a0df564466e11ba0a5ae61289155f35545eb1225a3d378c29f20d65375feec9e5d6f4f8b8048932de9d1999348edd710c70d677db67a438bba6444fdaa81

  • SSDEEP

    3072:9pMF0t5OFxrHqMqZoeRcqs4sdtYS6Z02ljQEZ5URUxeE/RkJxKbzhe:/MK54xOMqZ/HaTYJ3cE/xNavKb0

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6515194704:AAEmyYc4dwrlO5o21i36i_KXXTaRISiSia4/
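
The extracted C2 is not a server the attacker owns but a Telegram Bot API URL, and the path segment after `bot` is the bot's credential (numeric bot id, colon, 35-character secret). Agent Tesla's Telegram exfiltration uploads the harvested data through that bot, so the token is both the IOC and a live credential that should be redacted before the report is shared. The script below is an added example written for this page, not part of the Triage report or of the malware: it parses the extracted URL, masks the secret, and scans a constructed proxy log (the log lines, the client IPs, the ipify host standing in for the report's unnamed IP-lookup service, and the second, made-up bot token are all assumptions) for Bot API traffic, distinguishing full-URL hits from a bare `CONNECT`, which only proves that some Telegram bot was reached.

```python
import re
from urllib.parse import urlparse

# C2 URL exactly as the sandbox extracted it from this sample's configuration.
C2_URL = "https://api.telegram.org/bot6515194704:AAEmyYc4dwrlO5o21i36i_KXXTaRISiSia4/"

# Telegram Bot API tokens are "<numeric bot id>:<35-character secret>" and are
# always the first path segment, prefixed with "bot".
TOKEN_RE = re.compile(r"bot(\d{6,12}):([A-Za-z0-9_-]{35})")


def parse_telegram_c2(url: str) -> dict:
    """Return host, bot id and secret from an api.telegram.org bot URL."""
    parsed = urlparse(url)
    if parsed.hostname != "api.telegram.org":
        raise ValueError(f"not a Telegram Bot API URL: {url}")
    match = TOKEN_RE.search(parsed.path)
    if not match:
        raise ValueError(f"no bot token in path: {parsed.path}")
    return {"host": parsed.hostname, "bot_id": match.group(1), "secret": match.group(2)}


def redact_token(url: str) -> str:
    """Mask the secret half of the token so the IOC can be shared without
    handing out a working credential for the attacker's bot."""
    return TOKEN_RE.sub(lambda m: f"bot{m.group(1)}:<redacted>", url)


# Constructed web-proxy log (not from the report). One line per request:
# <timestamp> <client ip> <method> <url | CONNECT host:port> <status>.
# The ipify line is an assumed stand-in for the report's unnamed IP-lookup
# service; OTHER_TOKEN is a made-up bot that must not match this sample's C2.
OTHER_TOKEN = "1234567890:" + "A" * 35
PROXY_LOG = f"""\
2023-09-04T13:40:02Z 10.0.0.21 GET https://api.ipify.org/ 200
2023-09-04T13:40:05Z 10.0.0.21 POST {C2_URL}sendDocument 200
2023-09-04T13:41:17Z 10.0.0.33 CONNECT api.telegram.org:443 200
2023-09-04T13:42:00Z 10.0.0.40 GET https://www.example.com/ 200
2023-09-04T13:43:11Z 10.0.0.21 POST https://api.telegram.org/bot{OTHER_TOKEN}/sendDocument 200
"""


def find_telegram_exfil(log_text: str, known_secret: str = "") -> list:
    """Flag Bot API traffic. A full URL (sandbox HTTP capture or a TLS-
    inspecting proxy) yields the bot id and the Bot API method; a bare
    CONNECT shows only the host and is a weak signal on its own, because
    legitimate Telegram bots talk to the same endpoint."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, src, method, target = fields[:4]
        match = TOKEN_RE.search(target)
        if "api.telegram.org" in target and match:
            hits.append({
                "ts": ts, "src": src, "bot_id": match.group(1),
                "known_c2": match.group(2) == known_secret,
                "bot_method": target.rstrip("/").rsplit("/", 1)[-1],
            })
        elif method == "CONNECT" and target.startswith("api.telegram.org:"):
            hits.append({"ts": ts, "src": src, "bot_id": None,
                         "known_c2": False, "bot_method": None})
    return hits


if __name__ == "__main__":
    c2 = parse_telegram_c2(C2_URL)
    print(redact_token(C2_URL))
    for hit in find_telegram_exfil(PROXY_LOG, c2["secret"]):
        print(hit)
```

Matching on the whole token, as `known_c2` does, ties a hit to this specific sample; matching only on `api.telegram.org` will also catch unrelated bots and monitoring integrations, so the host alone belongs in a hunt query rather than a blocking rule.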

Targets

    • Target

      1693844525085627b7cf9bc306aa266e9305a77ee0a76dfb7cfee5affb59f76267a08f6833347.dat-decoded.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic (.NET).

    • Downloads MZ/PE file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
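
SetThreadContext is flagged because it is the step in process hollowing that redirects the primary thread of a child started with CREATE_SUSPENDED to the image the parent has written into it; on its own the call is also used by debuggers, so the signal is the sequence, not the API. The detector below is an added example written for this page, not code from Triage or the sample: it replays a constructed sandbox API trace (the pids, the APIs and the order are assumptions, not this report's actual calls) and only reports a child as hollowed when a suspended start, a cross-process write, a thread-context change and a resume are seen in that order, while a suspended start that is simply resumed is classed as benign.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*


@dataclass
class Call:
    pid: int             # process making the call
    api: str             # Win32/Nt API name as the sandbox hooks it
    target_pid: int = 0  # process the call acts on (handle resolved to a pid)
    flags: int = 0       # dwCreationFlags for CreateProcess*, otherwise 0


# APIs that advance the hollowing chain; the Nt* variants count the same.
STAGE_OF_API = {
    "WriteProcessMemory": "WriteProcessMemory",
    "NtWriteVirtualMemory": "WriteProcessMemory",
    "SetThreadContext": "SetThreadContext",
    "NtSetContextThread": "SetThreadContext",
    "ResumeThread": "ResumeThread",
    "NtResumeThread": "ResumeThread",
}
CHAIN = ["CreateProcess(SUSPENDED)", "WriteProcessMemory",
         "SetThreadContext", "ResumeThread"]


def detect_hollowing(trace: List[Call]) -> List[dict]:
    """Walk the trace in order and report, for every child started suspended,
    what its parent did to it before resuming it."""
    tracked: Dict[Tuple[int, int], List[str]] = {}  # (parent, child) -> stages
    findings = []
    for call in trace:
        key = (call.pid, call.target_pid)
        if call.api.startswith("CreateProcess") and call.flags & CREATE_SUSPENDED:
            tracked[key] = [CHAIN[0]]
            continue
        stages = tracked.get(key)
        stage = STAGE_OF_API.get(call.api)
        if stages is None or stage is None:
            continue  # not a suspended child of this caller, or an API we ignore
        if stage not in stages:
            stages.append(stage)
        if stage == "ResumeThread":
            # The child now executes whatever was placed in it; classify the chain.
            if stages == CHAIN:
                verdict = "process_hollowing"
            elif "SetThreadContext" in stages:
                verdict = "suspicious_setthreadcontext"
            else:
                verdict = "benign_suspended_start"  # debuggers, job launchers
            findings.append({"parent": call.pid, "child": call.target_pid,
                             "stages": list(stages), "verdict": verdict})
            del tracked[key]
    return findings


# Constructed trace (not from the report): 1200 hollows child 4400, 1300
# starts an ordinary child, 1400 changes a thread context in its own process.
TRACE = [
    Call(1200, "CreateProcessW", target_pid=4400, flags=CREATE_SUSPENDED),
    Call(1200, "NtUnmapViewOfSection", target_pid=4400),
    Call(1200, "VirtualAllocEx", target_pid=4400),
    Call(1200, "WriteProcessMemory", target_pid=4400),
    Call(1200, "WriteProcessMemory", target_pid=4400),
    Call(1200, "SetThreadContext", target_pid=4400),
    Call(1200, "ResumeThread", target_pid=4400),
    Call(1300, "CreateProcessW", target_pid=4500, flags=0),
    Call(1300, "WaitForSingleObject", target_pid=4500),
    Call(1400, "SetThreadContext", target_pid=1400),
]

if __name__ == "__main__":
    for finding in detect_hollowing(TRACE):
        print(finding)
```

The unmap and VirtualAllocEx calls are deliberately not required: some loaders skip the unmap and write over the original image in place, and requiring them would miss those variants while adding nothing to confidence once a cross-process write followed by SetThreadContext is already present.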

MITRE ATT&CK Enterprise v15

Tasks