
General

  • Target

    FRAIR00113735.pdf.exe

  • Size

    1.1MB

  • Sample

    231013-d1mvvaed44

  • MD5

    82512c1c3a19270d6793a28975e35ef2

  • SHA1

    014c1d471715f389c3456c2b6c3fb70fe73efd35

  • SHA256

    dfec19b2418939555f65e61d31c45c4714605150b83315c6adb735567f3b4d36

  • SHA512

    c580647640921aa2d32570668e2f3dd51a64765696ee612be326962a4bfc899975294514bd84bf912bbcd7762731c5d013bdd47de4eea53148f10beea3222c0f

  • SSDEEP

    12288:FDoS9IMVPrEAuyxMBFVjjjkbPVA3mGLqjkzVucZ9f/2FvQk5c/HZVUH4Y/:SyHuyxmFVg5A3mG+I5ucZlQo1P/9U

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      FRAIR00113735.pdf.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks