General

  • Target

    Hesaphareketi-01.exe

  • Size

    827KB

  • Sample

    230921-q6ywhsgd51

  • MD5

    c0d956cc5890708f404aa6f40c6a1b88

  • SHA1

    b58e8db4836a1164a6e1ff484c2cd905344867a7

  • SHA256

    6ac12d6300b2a0961015dfec7fea15fb5b67836a3485cd40f29cb0717126c239

  • SHA512

    174df7078f3afbcdfd70e665d98858f4cb1c8fd962f77105e35b580078deb3f97f69f60b124415cee3fd7b323d621ca8ec52d492110f8a61fed5e233c283b6c3

  • SSDEEP

    12288:3dSUd2iNtTm4IHcvV3I3ahgY1ybkd/QeJuSmfvM/FaYNlGpbXxlj:kUd1nwqV43+gtk5QfZk/UYlcXX

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6254955302:AAF0EGiuME-sfAF669pG465ZHleSu5QtvIg/

Targets

    • Target

      Hesaphareketi-01.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks