
General

  • Target: f4fbe44601948e2474ebb35261952b08fcf51a2b98cf79ec0a27fd39bda651f1_JC.exe

  • Size: 336KB

  • Sample: 231011-gnsgcafd92

  • MD5: 93aba80ef8c7ce6282497c48e7e7ccd8

  • SHA1: 9428c1e4109c62f71fa850469a2f4374f09574f1

  • SHA256: f4fbe44601948e2474ebb35261952b08fcf51a2b98cf79ec0a27fd39bda651f1

  • SHA512: 85c4fa44e3d49b04870c54ec10cc7541e7273eeb0a2e29cf6c4ef08e48fcd6cee5180bcda96074ebe95bcf86a60e59d22ca7762c0e1d9cfa791e5d45d941b319

  • SSDEEP: 3072:lDKW1LgppLRHMY0TBfJvjcTp5XZonONL1Y111111405kKjdYz6m1hKbe:lDKW1Lgbdl0TBBvjc/ZogLXax27ib

Malware Config

Extracted

  • Family: agenttesla

  • Credentials

Targets

    • Target: f4fbe44601948e2474ebb35261952b08fcf51a2b98cf79ec0a27fd39bda651f1_JC.exe (hashes as listed under General above)

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks