General

  • Target

    Shipment detail format.exe

  • Size

    609KB

  • Sample

    231011-ssb6psfe2x

  • MD5

    725cf8ad8ed8f096e03cd373c8abde91

  • SHA1

    c8fa598234529b94280bdb8fceeeeafe326f9575

  • SHA256

    057e86a5c22e1d0cc4a2c0e189fb5f118859a2554afcb111ebc280af9dc05c75

  • SHA512

    52bed1b613f897e6354b1c05d55880400937f288c8a7e32a3d4c15ce58e1efe25f7889114ccaf46626141491b862cfbb6f896c49ae200e686c70797617a07f8a

  • SSDEEP

    12288:ICn9t5725IAGZ64fzBt3hQJ0FyqNI6EO96f4zU2c1MlBBW75NJiaxmwS:ICEQk4VzQJvqNI6vMwzU0XBfaxM

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15