General

  • Target

    ee65a8025fd1c588e46437ac19dfe667.bin

  • Size

    770KB

  • Sample

    231011-3m1xzsdh86

  • MD5

    c0f5513174f6c0a917313ac44c4cd8f0

  • SHA1

    f7342f3a5dab7517b20ec13c76cdbc100919d76a

  • SHA256

    9774fdea7e8ed96bfafe6e2bb78948c6f54cfcba577502fbf5dbed9d251dc63a

  • SHA512

    5a60922fb31904f452e68c0b1bf6e2767028333e950d656315af0b5190cf5a18f70e7ce752573c644b7f3b9b7ec33565cd2f3f68e865e2f20f9ee773781344c6

  • SSDEEP

    12288:B1jArOyNRp95ErF/q446MY/hzNDUX8MmkCA24Q0mkmCcZQTq15wt7:B1jAxRP5+FRBNNDUsMmkLxqzaGEt7

Malware Config

  • Extracted

    Family: agenttesla

  • Credentials

Targets

    • Target

      DN 729950068251.bat

    • Size

      1019KB

    • MD5

      f3d4c5c46c3d6b6f245032ced203e902

    • SHA1

      2ffa30c68e1182acf0976f0b1021f523e6a0edf4

    • SHA256

      36848413f8c343c47d8bf2f8ec254d402357031b1fb976cfe925e00438119c8a

    • SHA512

      ecea94028784e376ffb79d55053f9eeca53ad9beff94b499463d710d4b111b21d876c8bf5e15ca7640a87550d366714229236bc5cb66cc1df6108426c564a56f

    • SSDEEP

      24576:e4iTYb5PEHqFhUIzJMMbhgBpUxFR2Id6FnWhhh0c2j:mYbuHaNbh0m2W0c8

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data (profiles, account settings, stored credentials) on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
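The signature list above reads as a correlation rule: credential-store reads, a Run-key write, and an external-IP lookup all coming from the same process tree. The following is an added example (not part of the tria.ge report, and not tria.ge's own detection code) showing how such a rule can be expressed over a simplified, Sysmon-style event stream. The event field layout, the indicator paths and hostnames, the pid numbers, and the sample events themselves are all constructed assumptions for illustration; the dropped file name is hypothetical and is not the .bat listed above.

```python
"""Correlate the behaviours from the report's signature list over simplified
Sysmon-like events.  Everything below (event schema, paths, domains, sample
events) is constructed for illustration and is not taken from tria.ge."""
import re
from collections import defaultdict

# Assumed indicators per signature (typical artefacts, not from the report).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}
FTP_CLIENT_FILES = {"filezilla\\recentservers.xml", "filezilla\\sitemanager.xml"}
BROWSER_FILES = {"login data", "logins.json", "key4.db"}          # Chromium / Firefox
MAIL_CLIENT_FILES = {"thunderbird\\profiles.ini"}
OUTLOOK_PROFILE_RE = re.compile(r"\\Office\\[\d.]+\\Outlook\\Profiles\\", re.IGNORECASE)
DROP_DIR_RE = re.compile(r"\\Temp\\[^\\]+\.exe$", re.IGNORECASE)


def classify(ev):
    """Map one event to the report signature it satisfies, or None."""
    kind = ev["type"]
    if kind == "registry_set" and RUN_KEY_RE.search(ev["key"]):
        return "Adds Run key to start application"
    if kind == "dns_query" and ev["host"].lower() in IP_LOOKUP_HOSTS:
        return "Looks up external IP address via web service"
    if kind == "registry_read" and OUTLOOK_PROFILE_RE.search(ev["key"]):
        return "Accesses Microsoft Outlook profiles"
    if kind == "file_access":
        path = ev["path"].lower()
        if any(path.endswith(f) for f in FTP_CLIENT_FILES):
            return "Reads data files stored by FTP clients"
        if any(path.endswith(f) for f in BROWSER_FILES):
            return "Reads user/profile data of web browsers"
        if any(path.endswith(f) for f in MAIL_CLIENT_FILES):
            return "Reads user/profile data of local email clients"
    if kind == "process_create" and DROP_DIR_RE.search(ev["image"]):
        return "Executes dropped EXE"
    return None


def correlate(events):
    """Return {root_pid: sorted signature names}, attributing every hit to the
    top of the process tree that produced it so that unrelated processes are
    not lumped into one verdict."""
    parent = {ev["pid"]: ev["ppid"] for ev in events if ev["type"] == "process_create"}

    def root(pid):
        while pid in parent:
            pid = parent[pid]
        return pid

    hits = defaultdict(set)
    for ev in events:
        sig = classify(ev)
        if sig:
            hits[root(ev["pid"])].add(sig)
    return {pid: sorted(s) for pid, s in hits.items()}


def looks_like_infostealer(sigs):
    """Assumed verdict rule: at least one credential-store read, combined with
    persistence or an external-IP beacon, in the same process tree."""
    reads = any(s.startswith(("Reads ", "Accesses ")) for s in sigs)
    beacon = "Looks up external IP address via web service" in sigs
    persist = "Adds Run key to start application" in sigs
    return reads and (beacon or persist)


# Constructed sample events: pid 4312 is a dropped binary spawned by pid 2040;
# pid 800 is an unrelated benign process.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4312, "ppid": 2040,
     "image": r"C:\Users\victim\AppData\Local\Temp\update.exe"},          # hypothetical name
    {"type": "file_access", "pid": 4312,
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"type": "file_access", "pid": 4312,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_access", "pid": 4312,
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\profiles.ini"},
    {"type": "registry_read", "pid": 4312,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "registry_set", "pid": 4312,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update"},
    {"type": "dns_query", "pid": 4312, "host": "api.ipify.org"},
    {"type": "dns_query", "pid": 800, "host": "www.microsoft.com"},
    {"type": "file_access", "pid": 800, "path": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for pid, sigs in correlate(SAMPLE_EVENTS).items():
        print(pid, "infostealer" if looks_like_infostealer(sigs) else "benign", sigs)
```

Keying the verdict on the root of the process tree is what makes the rule useful: a single Run-key write or an IP lookup from a legitimate updater is noise, but the same tree touching FileZilla, Chromium and Thunderbird credential stores and then beaconing is the pattern the report's signatures describe.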

MITRE ATT&CK Enterprise v15

Tasks