
General

  • Target: NEAS.NEASNEAS999af74298d53155ee08e2bc73d6c9bb38cf36a0962e7d9b0ec2673374889f2disounknownunknown_JC.unknown
  • Size: 698KB
  • Sample: 231013-v7pfpacd61
  • MD5: 78aec04856c175b776c256e23c652de1
  • SHA1: 0eea8abc4476dd66cfc5be91cdb336680cf87ab4
  • SHA256: 999af74298d53155ee08e2bc73d6c9bb38cf36a0962e7d9b0ec2673374889f2d
  • SHA512: 8a77f755b23bdb6f636dd9992bf4b75fa8431b3a3e5d0347f266d0a4af43c7119514f0053f12354bcbf271dc233e46fb2f66030043b516da865dfabbba71b082
  • SSDEEP: 12288:PvodG6hpxamLP2YGidPz4GOQ5lz2qE35i83DrQkFXaC2F:PvolhabWxAJ53DrQ+e

Malware Config

Extracted

Family: agenttesla

Credentials

Targets

    • Target: 10015520.exe
    • Size: 638KB
    • MD5: ca3ba834efe42b9989c0625aadfa1071
    • SHA1: d3c607a510e8e45e5e74c58de3da6a8b0946b6f0
    • SHA256: d8204ac509d07bf3dd4113684775ceb188ca79a9d77965a3f31911bb3bdf093d
    • SHA512: adaac20d33fd1b9ce66b0790edf8351d1ebb3fe5e36eb9d59420cda70eb132980e1442ab295af88cc2fe612d2f7827c32c84f4e87f92145e8f2c8226873f9466
    • SSDEEP: 12288:xvodG6hpxamLP2YGidPz4GOQ5lz2qE35i83DrQkFXaC2F:xvolhabWxAJ53DrQ+e

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks