General

  • Target

    DOC.r15.rar

  • Size

    781KB

  • Sample

    231024-mg376aea53

  • MD5

    6209f6545436a90c43894eed95e5a24f

  • SHA1

    43009455463dc49bbf2d2d3cc871c687a4f5a38c

  • SHA256

    2540f753f4d625b2f7847e9bae744c56c37793e535ead58c0ece4a06a34c9043

  • SHA512

    1546b81cde3d76932980abc9e15e377205f4b0e32074d3eaaf9d9f3400d951f2c454dbda233f069783c18c471acc4c68810df065766e5826b3a3aaf0ca7f3dd2

  • SSDEEP

    24576:+ZqUcZC+shrMOaAoWm9kyRlU9JSmONSlWmywkOi:euY/hIOaAoWm9kOO/SVgIHr

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      DOC.bat

    • Size

      1013KB

    • MD5

      63ea9acdff3fe07560351cca90577d8e

    • SHA1

      cd34d68bedb135454ac0a69a9a18432eaa0ea68a

    • SHA256

      805359e8add29af8ed6534df363b834315943a8d8af92579a660aa2645531086

    • SHA512

      b7c96d4c88ee74f54d5936e4bfbf4f796bed17bde73cfd5e500f93b87e7259d1ba2529bebc117a45fd2fb6952a91b9efc4fd5039626bb22e98c3819f8f417644

    • SSDEEP

      24576:Ha02wgz0sNZjcZ/zVRU3u0uTd2lKOXMe8GBySoC4FkQ:HwzdZ0zE8GVe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks