General

  • Target

    RFQ-000112030687.exe

  • Size

    365KB

  • Sample

    231003-h13nhsgh8s

  • MD5

    61d3b0268ab312ad7183a693041e5566

  • SHA1

    daf1c38ca56a0b8163aee55735cc1c34fa53de2b

  • SHA256

    60d963ad6d64ed53b4ef360e0fb04cbd0ca8c17d8de0fa29263daa531fb572a6

  • SHA512

    3cb7d33d8248296b3e3e9359d9e58fb57be11c1b3dc9186ec314039e0fee9802aab2f2dc82acaf5913cbef5b21a836a651f2853d8acf0e15cbebeb8fb825b2e0

  • SSDEEP

    6144:BnPdudwDsbeDOZX9lCmKb7x2Du6Exoa4Kb73KxyxOEf0hLynPbZyvXNvWeAzFPrU:BnPdwbeDmt0r2D/E7PUy0BLyTZGNbqrw

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks