General

  • Target

    3fd79e367d75bf1b3f13286941c0551a436a2f31a1e4d814f7086164659c83c6

  • Size

    860KB

  • Sample

    231012-jb5x1sgb92

  • MD5

    53960a423870d31c8c22ac0a2a8e6d79

  • SHA1

    7591cf56b9451715678ea342043ed95ceff0e8f4

  • SHA256

    3fd79e367d75bf1b3f13286941c0551a436a2f31a1e4d814f7086164659c83c6

  • SHA512

    7f1dd3233ea45011984771a831a0bcf1094df1b80a9c8fba6f53450e7505ab63f8018914c2cd9d0a91ede3e66120a6b0befc3376e75359538ce643cbd5c63bf5

  • SSDEEP

    24576:ULcZ1l8x8mYJrkfSiquJyXoj5GIHei6QW/kGSKRK:XPlE89JoLjlHnAk+K

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Payment Slip (SWIFT)·PDF.scr

    • Size

      2.1MB

    • MD5

      aa172e2518840dd8e47c36520639f99f

    • SHA1

      0c87154c41dd9cc5296259fa4ccdba17fcb057e5

    • SHA256

      e1b45cf3afc2cecdee5a2da5517404bead4e28b31fa09f95eb45e8421acd4c7b

    • SHA512

      267dee5888c2a31c0a956ce2ca32b004afae8c0ad2eec1420fd8bd676fb5d675381e4ea37bb0f8fcf58c9dd0a9c1e6a09b3bad9d355c409a0233225c4a528e29

    • SSDEEP

      24576:tfDf12Bap8DH508+gOCWLd491xCeG0FpcM+bKssK6aG9O:trMBaIy9mvcMbsF1g

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks