General

  • Target

    Request for Quotation & Sample,xlsx.exe

  • Size

    692KB

  • Sample

    231024-rpjwpsdd91

  • MD5

    5cb875d521c85f0fa24bf77ad132557f

  • SHA1

    51d82f5cc6b1584a09c7a473f676db2ddbecb691

  • SHA256

    d53f012f7499d34efd9c65029f7c2f2231f164fca3157a5e2eba031f9ead92b8

  • SHA512

    e82e2ba347a3ee94bbdcf0cdb9c8794f36e7c40d0e68e19e5a192198a87cfb75ad8096f6e3c636a6f806f2544ae6bf3fcf44d8b3275f3d0c6f96aaa319415033

  • SSDEEP

    12288:ngR/mZRM+kjc2q0lkzOQRB7+eyaNdJL4P9D+XT9ciSHzFSq3y:ngkZR5ktjQRB7LzbkP9C9ciWSqC

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#$

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Request for Quotation & Sample,xlsx.exe

    • Size

      692KB

    • MD5

      5cb875d521c85f0fa24bf77ad132557f

    • SHA1

      51d82f5cc6b1584a09c7a473f676db2ddbecb691

    • SHA256

      d53f012f7499d34efd9c65029f7c2f2231f164fca3157a5e2eba031f9ead92b8

    • SHA512

      e82e2ba347a3ee94bbdcf0cdb9c8794f36e7c40d0e68e19e5a192198a87cfb75ad8096f6e3c636a6f806f2544ae6bf3fcf44d8b3275f3d0c6f96aaa319415033

    • SSDEEP

      12288:ngR/mZRM+kjc2q0lkzOQRB7+eyaNdJL4P9D+XT9ciSHzFSq3y:ngkZR5ktjQRB7LzbkP9C9ciWSqC

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks