
General

  • Target: fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b.exe
  • Size: 545KB
  • Sample: 231011-q74s6ada62
  • MD5: bea32ab4dc9d62c210300c9dbc587cf5
  • SHA1: 0d5d35b6a241917f80430015f97a6e7bcb419943
  • SHA256: fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b
  • SHA512: 7bc4f0b489e1bb9c50515a13a7909e7d5b0e1a45f6a8c706ac3f99296d0b4e48636964b14c7f7075ef81a6e261c6bd634ff9cf848699ffb4f7c2fd118320fc3f
  • SSDEEP: 12288:6Ub+UwSvMMMDMMMWCUB1ysqCVTSK2k1m94SmCVN:lvMMMDMMMWCo1xlSK2kQ+6

Malware Config

Extracted

  • Family: agenttesla

Credentials

Targets

    • Target: fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b.exe (545KB; hashes as listed under General)

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (Visual Basic .NET). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, the registry location where stored mail-account settings and credentials live.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Sets the register context of a thread in another process. Combined with a child process created suspended and remote memory writes into it, this is the final step of process hollowing, a common injection technique.
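The three behavioural signatures above can be expressed as simple rules over an API-call trace. The script below is an added example written for this page; it is not tria.ge's signature engine and nothing in it comes from the sample's actual run. The trace lines, process ids, the RegSvcs.exe target path, the list of IP-echo hostnames and all function names are constructed for the demonstration, and the constructed trace records the target pid/tid where a real trace would record handle values.

```python
"""Toy versions of the three behavioural signatures from the report, run over a
constructed API-call trace. Example code added for this page; the trace, pids,
hostnames and helper names are invented and do not come from the tria.ge run."""
import re
from collections import defaultdict
from urllib.parse import urlparse

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess

# Constructed trace, one call per line: "<caller pid>|<api>|<key=value ...>".
# For simplicity hProcess/hThread carry the target pid/tid instead of handle values.
SAMPLE_TRACE = r"""
1234|CreateProcessW|lpApplicationName=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe dwCreationFlags=0x4 dwProcessId=4321 dwThreadId=4325
1234|NtUnmapViewOfSection|hProcess=4321
1234|VirtualAllocEx|hProcess=4321 dwSize=0x2a000 flProtect=0x40
1234|WriteProcessMemory|hProcess=4321 nSize=0x2a000
1234|SetThreadContext|hThread=4325
1234|ResumeThread|hThread=4325
4321|RegOpenKeyExW|hKey=HKEY_CURRENT_USER lpSubKey=Software\Microsoft\Office\16.0\Outlook\Profiles
4321|InternetOpenUrlA|lpszUrl=http://api.ipify.org/
9999|CreateProcessW|lpApplicationName=C:\Windows\System32\notepad.exe dwCreationFlags=0x0 dwProcessId=5555 dwThreadId=5556
9999|SetThreadContext|hThread=5556
"""

SIG_HOLLOW = "Suspicious use of SetThreadContext"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"
SIG_IPLOOKUP = "Looks up external IP address via web service"

# Generic public IP-echo services (assumed list, not taken from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ipinfo.io", "ip-api.com", "checkip.amazonaws.com"}
# Outlook keeps per-profile account settings (including saved credentials) here.
OUTLOOK_PROFILES_RE = re.compile(r"Software\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles", re.I)


def parse_trace(text):
    """Yield (caller pid, api name, {arg: value}) for each non-empty trace line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, rest = line.split("|", 2)
        args = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        yield int(pid), api, args


def detect(trace_text):
    """Return {signature name: [evidence, ...]} for the signatures that fired."""
    hits = defaultdict(list)
    suspended = defaultdict(dict)  # caller pid -> {child pid: child main thread id}
    written = defaultdict(set)     # caller pid -> {child pids it wrote into}
    for pid, api, a in parse_trace(trace_text):
        if api.startswith("CreateProcess"):
            if int(a.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
                suspended[pid][a["dwProcessId"]] = a["dwThreadId"]
        elif api == "WriteProcessMemory" and a.get("hProcess") in suspended[pid]:
            written[pid].add(a["hProcess"])
        elif api == "SetThreadContext":
            # Hollowing heuristic: suspended child + remote write + SetThreadContext
            # on that child's main thread. A lone SetThreadContext (debuggers) does not fire.
            for child, tid in suspended[pid].items():
                if tid == a.get("hThread") and child in written[pid]:
                    hits[SIG_HOLLOW].append(f"pid {pid} hollowed pid {child} (thread {tid})")
        elif api.startswith("RegOpenKeyEx") and OUTLOOK_PROFILES_RE.search(a.get("lpSubKey", "")):
            hits[SIG_OUTLOOK].append(f"pid {pid} opened {a['lpSubKey']}")
        elif api.startswith("InternetOpenUrl"):
            host = urlparse(a.get("lpszUrl", "")).hostname
            if host in IP_LOOKUP_HOSTS:
                hits[SIG_IPLOOKUP].append(f"pid {pid} requested {a['lpszUrl']}")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in detect(SAMPLE_TRACE).items():
        print(sig)
        for item in evidence:
            print("   ", item)
```

The hollowing rule deliberately requires all three steps (suspended creation, a remote write into that child, then SetThreadContext on the child's primary thread) so that a debugger or a process created suspended for benign reasons does not trip it; a real engine would also match NtUnmapViewOfSection or a VirtualAllocEx with PAGE_EXECUTE_READWRITE (0x40) as corroborating evidence.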

MITRE ATT&CK Enterprise v15

Tasks