General

  • Target

    1.exe

  • Size

    600KB

  • Sample

    230918-m2ncfagg8v

  • MD5

    77348c455ca0c859d9a00f3ada71cb74

  • SHA1

    e18fd626e7f20173fc46970a6387068421598f50

  • SHA256

    56b42ce524e101188605f0c0f6efaa7f4e77f4754dcb62607e6b53c45e4952be

  • SHA512

    201476aeba07abafe4c9739aef3da14ff2ec01d289f312d1d513e6ac117f2ce980e90dfdd3ee24cae1417e728f7edbdf658ae5447cecaac225a04e6101491af7

  • SSDEEP

    12288:FYZAfDuHOX9SnM62XAFZbz5ZzVJg3uL6HlcyuN1LUpn6ZE4ZljqS:FYZgji8g/5Zzjg+XBUpnOE4Zl
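
An added helper for working with the identifiers above; it is not part of the tria.ge report. It checks a local copy of the sample against the listed cryptographic hashes and does two things with the SSDEEP value that a practitioner usually wants: it confirms the block size (12288) is the one ssdeep would pick for a file of roughly 600KB, and it decides whether a second ssdeep hash can be scored against this one at all, since ssdeep only compares signatures whose block sizes are equal or differ by a factor of two. The sample bytes used in the usage call are constructed, not the real 1.exe.

```python
import hashlib

# Identifiers exactly as listed in the report above.
REPORT = {
    "md5": "77348c455ca0c859d9a00f3ada71cb74",
    "sha1": "e18fd626e7f20173fc46970a6387068421598f50",
    "sha256": "56b42ce524e101188605f0c0f6efaa7f4e77f4754dcb62607e6b53c45e4952be",
    "sha512": "201476aeba07abafe4c9739aef3da14ff2ec01d289f312d1d513e6ac117f2ce980e90dfdd3ee24cae1417e728f7edbdf658ae5447cecaac225a04e6101491af7",
    "ssdeep": "12288:FYZAfDuHOX9SnM62XAFZbz5ZzVJg3uL6HlcyuN1LUpn6ZE4ZljqS:FYZgji8g/5Zzjg+XBUpnOE4Zl",
}

CRYPTO_ALGOS = ("md5", "sha1", "sha256", "sha512")

# ssdeep constants: minimum block size and the target signature length.
SSDEEP_MIN_BLOCKSIZE = 3
SSDEEP_SPAMSUM_LENGTH = 64


def hash_bytes(data: bytes) -> dict:
    """Compute every cryptographic digest the report lists for the given file bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in CRYPTO_ALGOS}


def compare_with_report(data: bytes, report: dict = REPORT) -> dict:
    """Per-algorithm match result. All four should agree; a partial match means a
    mistyped or tampered report entry rather than a different file."""
    ours = hash_bytes(data)
    return {algo: ours[algo] == report[algo].lower() for algo in CRYPTO_ALGOS}


def parse_ssdeep(signature: str):
    """Split 'blocksize:hash1:hash2' into (int, str, str).
    hash2 is the signature computed with twice the block size."""
    block, h1, h2 = signature.split(":", 2)
    return int(block), h1, h2


def expected_block_size(file_size: int) -> int:
    """Block size ssdeep selects for a file of this length: the smallest value
    3 * 2**n such that block_size * 64 >= file_size."""
    block = SSDEEP_MIN_BLOCKSIZE
    while block * SSDEEP_SPAMSUM_LENGTH < file_size:
        block *= 2
    return block


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are equal or differ by
    exactly a factor of two; anything else returns no similarity at all."""
    a = parse_ssdeep(sig_a)[0]
    b = parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


if __name__ == "__main__":
    # Constructed stand-in for the sample; it will not match the report.
    local_copy = b"constructed bytes, not the real 1.exe"
    print(compare_with_report(local_copy))
    print("block size consistent with 600KB:",
          expected_block_size(600 * 1024) == parse_ssdeep(REPORT["ssdeep"])[0])
```

To check a real file, read it in binary mode and pass the bytes to compare_with_report; the ssdeep helpers take the signature strings, so they work on values copied from another report without the file.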

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      1.exe

    • Size

      600KB

    • MD5

      77348c455ca0c859d9a00f3ada71cb74

    • SHA1

      e18fd626e7f20173fc46970a6387068421598f50

    • SHA256

      56b42ce524e101188605f0c0f6efaa7f4e77f4754dcb62607e6b53c45e4952be

    • SHA512

      201476aeba07abafe4c9739aef3da14ff2ec01d289f312d1d513e6ac117f2ce980e90dfdd3ee24cae1417e728f7edbdf658ae5447cecaac225a04e6101491af7

    • SSDEEP

      12288:FYZAfDuHOX9SnM62XAFZbz5ZzVJg3uL6HlcyuN1LUpn6ZE4ZljqS:FYZgji8g/5Zzjg+XBUpnOE4Zl

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; samples are typically written in Visual Basic .NET or C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the malware can avoid running in certain regions.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread in another process; malware uses it to point a suspended thread at injected code, as in process hollowing (RunPE).
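
Each of the behaviours above is a weak signal on its own: plenty of legitimate software reads the locale from the registry or asks an IP-echo service for its public address. A triage rule should therefore key on their co-occurrence in a single process. The following is an added example of that logic, not tria.ge's own signature code. It scans constructed trace lines (the "<pid> <kind> <detail>" line format, the PIDs and the list of IP-lookup hosts are assumptions; the report does not say which service this sample used) and rates each process, treating SetThreadContext followed by ResumeThread as the tail of a process-hollowing sequence.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed trace lines, "<pid> <kind> <detail>". Not taken from the report;
# the format and PIDs are assumptions for the example.
TRACE = [
    "1337 RegRead HKCU\\Control Panel\\International\\Geo\\Nation",
    "1337 HttpGet http://checkip.dyndns.org/",
    "1337 ApiCall CreateProcessW",
    "1337 ApiCall SetThreadContext",
    "1337 ApiCall ResumeThread",
    "4242 RegRead HKCU\\Control Panel\\International\\Geo\\Nation",
    "4242 HttpGet http://api.ipify.org/",
    "7777 ApiCall SetThreadContext",
]

# Registry values that hold the configured country/locale (HKCU\Control Panel\International).
GEO_KEY = re.compile(r"control panel\\international\\(geo\\nation|localename)$", re.I)

# Assumed list of IP-echo services; extend it from your own telemetry.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com",
}


def classify(trace):
    """Map each PID to the set of behaviour tags observed for it."""
    hits = defaultdict(set)
    api_calls = defaultdict(list)
    for line in trace:
        pid, kind, detail = line.split(" ", 2)
        if kind == "RegRead" and GEO_KEY.search(detail):
            hits[pid].add("geofence_lookup")
        elif kind == "HttpGet" and urlparse(detail).hostname in IP_LOOKUP_HOSTS:
            hits[pid].add("external_ip_lookup")
        elif kind == "ApiCall":
            api_calls[pid].append(detail)
    for pid, calls in api_calls.items():
        if "SetThreadContext" in calls:
            hits[pid].add("set_thread_context")
            # SetThreadContext followed by ResumeThread on the same process is the
            # point where hollowed code starts running.
            after = calls[calls.index("SetThreadContext") + 1:]
            if "ResumeThread" in after:
                hits[pid].add("hollowing_sequence")
    return dict(hits)


def verdict(tags):
    """Rate one process: the combination matters, single tags are common in benign code."""
    if {"geofence_lookup", "external_ip_lookup", "set_thread_context"} <= tags:
        return "high"
    if len(tags) >= 2:
        return "medium"
    return "low"


if __name__ == "__main__":
    for pid, tags in classify(TRACE).items():
        print(pid, verdict(tags), sorted(tags))
```

Only PID 1337 combines all three behaviours and so rates "high"; 4242 reads the locale and queries an IP service but never touches another thread, and 7777 calls SetThreadContext alone, which debuggers and some runtimes also do.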

MITRE ATT&CK Enterprise v15

Tasks