
General

  • Target: c63e10d9534c22a4b8c51073288b94c32a428b2871f5739ab71d4e4ca1a19771
  • Size: 605KB
  • Sample: 231012-t84rbsca3s
  • MD5: efd03b5a9e6342f84aaf28dfec524c1e
  • SHA1: e161a7a9664a34e60baae4546b5809de3f427cd0
  • SHA256: c63e10d9534c22a4b8c51073288b94c32a428b2871f5739ab71d4e4ca1a19771
  • SHA512: 8dc0f9e3b55db97ea7430d2a8576a2f56ff212549c5cd2d7d77053507460ccfbbd5face6c828d6d8c10264d2a11d04266831df28eb8c5a65534e8a13d17fdd52
  • SSDEEP: 12288:v7t6kBLAQMxGaJEsBBSuySO68+qjaoUwVT4blIkPwBEVqC:jUgLAQMoaJjBBSuyAB8aYVUhIgwBEVqC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: Purchase contract 23K11-086.exe
    • Size: 680KB
    • MD5: d87dc3556f0ee0c56863f83c1dfa88ab
    • SHA1: 434f9728b7e5708cc6e3b24cd4df437fb454d5bf
    • SHA256: 024c11134a00bda4eaf6a4528131e86652aaa1c1931d71c2f413c7c133b74c75
    • SHA512: af6d0be79f90e361a032e97e449b8327d6dac987b53f7b6531c186724664e8a912602088dad62d365d689d41d34d37c12b1439ccf74217d49b4e0806acb2151e
    • SSDEEP: 12288:zYgAfDuHOXCcBq08I209uEE3hctaEqqNs7pK3bvHRu0f730PmPAJs:zYggcGql09bIetaEqqTrxu0o02

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
