General

  • Target

    cd49b022411c34b834f765d874611467fe327f58a0d3c83cf33d78fb3989e687_JC.exe

  • Size

    607KB

  • Sample

    231012-a3rd9sfh99

  • MD5

    9dadfc8f01d8b789ce9267cc188591bb

  • SHA1

    79f2fe21dbd9f4618a60d9421b623b6cfdb6d924

  • SHA256

    cd49b022411c34b834f765d874611467fe327f58a0d3c83cf33d78fb3989e687

  • SHA512

    14974449f4b048802cb4f95aef64bc3d789ee1a96c4dde03f0dab2654e7ff754873bbca454d2c65303ae5d40f9f46281d13b7f71d500b04a46354e3536f147bd

  • SSDEEP

    12288:zpUTErRtZC/CY5fdwZ0uYlR8gdV0Vj28EERjnd/gm5TD:NUiZC/CY5f6SHlR8gaj28Dv/gm5

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
