General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.32422.27987

  • Size

    536KB

  • Sample

    230921-f8mwxsde6z

  • MD5

    7ca21c3c3675e6f031f5dbdbd734fbb1

  • SHA1

    a06df48d928d73be766be87d6bf309d85baefe0f

  • SHA256

    91c4358eb1c2c4d38b2c3e930eff281ab6cf22ae0200e4dfa49725fd4657e9f7

  • SHA512

    a50341eec2ceba39fa2e083ba6b53b8a503a20959fb0869e99c459d035cb52dcb5e9047a69c0bb1f188b6965a1ee4bc88620b9eba7f69d248d28b43904fec2ff

  • SSDEEP

    12288:TS9IXRtjsjxZwbwyFexlPn5H4F9GXGKS4qBwNTYpIfdOvnhJ4Hs1:RFYNnK9GXyFwNUpqOnhJ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks