Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    PROFORMA.EXE.exe

  • Size

    485KB

  • Sample

    231012-pbnavshd61

  • MD5

    af4f474f394a907b0a5fe32c58a9ec0f

  • SHA1

    2711d6d2180bae3d4bebc24583b7312443c7cad8

  • SHA256

    97db943d58a436c3af596f5189c5f45c6303d6f5cd686d059d023d571d9ebf1b

  • SHA512

    8d5302f88899fcb5824d7b332a8f63095dc9baf43320211c98b9b226a02dde9c11383536cb30e2af544c4c458c8951cf9c69c4c50f8bba9c59d56149f9390369

  • SSDEEP

    12288:iLBsUHAeKHYJNeJXKDdZeTvOxzP3W1pgkmiVv:iuyA3HwUXKDSrIzPtkxVv

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6454394730:AAGgFQQoYOheiUtQpndUMtI4qKuZRF8EXWA/

Targets

    • Target

      PROFORMA.EXE.exe

    • Size

      485KB

    • MD5

      af4f474f394a907b0a5fe32c58a9ec0f

    • SHA1

      2711d6d2180bae3d4bebc24583b7312443c7cad8

    • SHA256

      97db943d58a436c3af596f5189c5f45c6303d6f5cd686d059d023d571d9ebf1b

    • SHA512

      8d5302f88899fcb5824d7b332a8f63095dc9baf43320211c98b9b226a02dde9c11383536cb30e2af544c4c458c8951cf9c69c4c50f8bba9c59d56149f9390369

    • SSDEEP

      12288:iLBsUHAeKHYJNeJXKDdZeTvOxzP3W1pgkmiVv:iuyA3HwUXKDSrIzPtkxVv

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks