
General

  • Target

    dd39cbc93b94888e04900cdc4c7da69e.bin

  • Size

    615KB

  • Sample

    231012-22qvwsgb74

  • MD5

    bb1b0389a30139f3dcae4567b89f6665

  • SHA1

    4670a82c1363e4ccedea58d723edc8bcbfbd455a

  • SHA256

    c117ab55923d1fa7f6055a2c2387532c2cec391bd1261d5cda7a4c5d2da11675

  • SHA512

    44c83c7957af318bf48443effde2c3168ed61244039b8447ec1affedc9c5cc0520a5282eb1d0299ce34123b770e8b89af5c3b3f456a5fe4ebae23c8f0f16b455

  • SSDEEP

    12288:l0d3UKTrjN08MyxFT+wJNlzAoknL1p0oavXAh:lyB9dFTFxCppawh

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      8400a919b9cb8b3ba1f8b635a24992fabddd5e162e0735c118a9213dc1f71ba9.exe

    • Size

      719KB

    • MD5

      dd39cbc93b94888e04900cdc4c7da69e

    • SHA1

      4001c2edea9b87c32dbc3500b69862ae1162f956

    • SHA256

      8400a919b9cb8b3ba1f8b635a24992fabddd5e162e0735c118a9213dc1f71ba9

    • SHA512

      ea4b8a0c92401ae8e9f68349d4b674674edcb3d57268760e8f7cededba9417961105ff5186ad8b8e5a4a0083d0330a5e533d49a1bb357c945e97b1f1c4d8de41

    • SSDEEP

      12288:7A5WIPr4zyD/dEjE+pt4h69VfeTVvvRSbCDF5x9PgfDvC1FmbyEM2Ws:+gb74/BdgzC1Fmeh2Ws

    • AgentTesla

      Agent Tesla is a remote access trojan (RAT) and information stealer written in Visual Basic (.NET).

    • Checks computer location settings

      Reads the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), a common geofence check used to avoid running in certain regions.

    • Reads data files stored by FTP clients

      Tries to read configuration files of FTP clients such as FileZilla (for example sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla), which store saved server credentials.

    • Reads user/profile data of local email clients

      Email clients store account data on disk, and infostealers often target it for stored credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

      Outlook profile keys in the registry hold account settings, including stored mail server credentials that stealers extract.

    • Suspicious use of SetThreadContext

      Setting the context of another process's thread is typical of process hollowing, where the entry point of a suspended child process is redirected to injected code before it resumes.
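The signatures above are triggered by file, registry and API activity observed during the run. The following is an added example, not part of the tria.ge report or its signature engine: a small Python matcher that maps sandbox-style events to the signature names listed on this page. The event lines are constructed for illustration, and the artefact paths (FileZilla XML files, Chromium "Login Data", Firefox and Thunderbird logins.json, the Outlook Profiles key, the Geo\Nation key) are the well-known locations these behaviours touch; a production signature set would be considerably broader.

```python
import re
from collections import defaultdict

# Constructed sample of sandbox-style events (not taken from the report).
# Line format (an assumption for this example): <event type> <pid> <detail>
SAMPLE_EVENTS = """\
regread 1844 HKCU\\Control Panel\\International\\Geo\\Nation
fileopen 1844 C:\\Users\\admin\\AppData\\Roaming\\FileZilla\\sitemanager.xml
fileopen 1844 C:\\Users\\admin\\AppData\\Roaming\\FileZilla\\recentservers.xml
fileopen 1844 C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
fileopen 1844 C:\\Users\\admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc123.default\\logins.json
fileopen 1844 C:\\Users\\admin\\AppData\\Roaming\\Thunderbird\\Profiles\\xyz.default\\logins.json
regread 1844 HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
apicall 1844 SetThreadContext(hThread=0x1f4, lpContext=0x0019f2a0)
fileopen 1844 C:\\Users\\admin\\AppData\\Local\\Temp\\tmp1234.tmp
"""

# Each rule: (signature name as it appears on the page, event type, pattern on the detail field).
RULES = [
    ("Checks computer location settings", "regread",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Reads data files stored by FTP clients", "fileopen",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)),
    ("Reads user/profile data of local email clients", "fileopen",
     re.compile(r"\\Thunderbird\\Profiles\\", re.I)),
    ("Reads user/profile data of web browsers", "fileopen",
     re.compile(r"(\\User Data\\[^\\]+\\Login Data$|\\Mozilla\\Firefox\\Profiles\\)", re.I)),
    ("Accesses Microsoft Outlook profiles", "regread",
     re.compile(r"\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles", re.I)),
    ("Suspicious use of SetThreadContext", "apicall",
     re.compile(r"^SetThreadContext\(", re.I)),
]


def parse_event(line):
    """Split one event line into (type, pid, detail); return None for malformed lines."""
    parts = line.strip().split(" ", 2)
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    kind, pid, detail = parts
    return kind, int(pid), detail


def match_signatures(lines):
    """Return {signature name: [matching details]} for all events that hit a rule."""
    hits = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        kind, _pid, detail = event
        for name, event_kind, pattern in RULES:
            if kind == event_kind and pattern.search(detail):
                hits[name].append(detail)
    return dict(hits)


def summarize(lines):
    """Sorted list of triggered signature names, the way a report lists them."""
    return sorted(match_signatures(lines))


if __name__ == "__main__":
    for name, details in match_signatures(SAMPLE_EVENTS.splitlines()).items():
        print(f"[{name}]")
        for d in details:
            print(f"    {d}")
```

Every signature on the page fires on the constructed trace except the Temp-file access, which matches nothing; the per-signature detail list is what an analyst would pivot on when confirming credential-theft behaviour in a real run.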

MITRE ATT&CK Enterprise v15

Tasks