General

  • Target

    PAYMENT Route.pdf____________________________________________________________________.rar

  • Size

    541KB

  • Sample

    231023-q9tqzahb2s

  • MD5

    822b964b935bee7da3502f7037942d92

  • SHA1

    373ad8abc6e2b58371fb8543d7ed4d5c8bdafb36

  • SHA256

    c99a75f50b78f5735845826a15174eb80db51ef3f4149847a03b69f5d631e52e

  • SHA512

    f0e16b71da0230da02f859fd75e4efca822691eb60577869e0d24dde95b0aacc7232374cf93f3d3bfec99bef8b57eafac07b6c4caea798b361da0fe9a0d6e32c

  • SSDEEP

    12288:LtidniG9Nnr8aANHupJC9C3uRzSJhFCUhwoi8DhJiy7IJbH:LtE3NmNHupM9IukhBhxi+DiVJr

Malware Config

Extracted

  • Family

    agenttesla

Credentials

Targets

    • Target

      PAYMENT COPY.pdf.exe

    • Size

      1021KB

    • MD5

      28707370a3fb75269da8a9da30960505

    • SHA1

      9c900e8ca6595599e922bce6f3255f29063d6212

    • SHA256

      d49cff946605d03af069b896354b114d8a4b87313c1aa7fcac9fbf71bb39f8c1

    • SHA512

      1ceb51a47825143cce7c0826e3d378b639621972996d6b0f7af772837852a0c00fc6f671f9c8642e2372e6b8118e43596f654073134681ca3958fba62be7f44f

    • SSDEEP

      12288:uF0rdOBhhxlh/VJ1euMQd+S8Q/ZNt4/NpUH:00QdxTVJEuMPSDxNt+

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks