General

  • Target: 1cd95a6e7380834f98182cef84e49b843d27c20bc2c111849a756408a8a2a34b.exe.zip
  • Size: 632KB
  • Sample: 231031-rh9tjsbf82
  • MD5: e1ceb8629d1c4ebe016f331be7a06404
  • SHA1: b2d58b639b73fe17626d15f6cada8a7c6cf5e2ca
  • SHA256: 2d80c70b807366bd95568061912531e7f0c14b6f558b403260d8a26ee373a23f
  • SHA512: b87771d78092a60c26ad3b11fe674b0be6d44800a1185511a92ab4efb69287d9eaf7a3de261075fbd19af5c5a8be39486c63d5c5cc3f78dcb1f0581c7ed9f8a2
  • SSDEEP: 12288:L7KIG4Z5jJXX1R9skw6v96srtXCe+3y61J/rKkW4d0btpJxOFazSwTF3:P/ZdRbn96srtXCe+Z1Jm74d0btFOFaz7

Malware Config

Extracted

  • Family: agenttesla
  • C2: https://discord.com/api/webhooks/1133291620918382632/dqE_masvBaWgRzB59nggrkJBKoBvmOr6eW_j0AXdmxr8iUJKxaehQyz1TL6QQaDldmii

Targets

    • Target: 1cd95a6e7380834f98182cef84e49b843d27c20bc2c111849a756408a8a2a34b.exe
    • Size: 752KB
    • MD5: 6c8403c97b7d16046218c8b26eb36d45
    • SHA1: c360688864dc407a298f10b42eb1a436ee5a2293
    • SHA256: 1cd95a6e7380834f98182cef84e49b843d27c20bc2c111849a756408a8a2a34b
    • SHA512: 432a69a415d2361b9c402bcb76fc49dbb2f2b6043f5346d049924517fc2dc63185f4bc438166050a22087bbc18ef3e60e309b0f62b76278e8856bcbe71451f84
    • SSDEEP: 12288:o5MYDNqtNr/G+AcZ9ZcyQMmkXO34EA6Zsi+P0kj8qg/hKHGLDzjRs:o6Y4nrrqke33+Pprk0Gjj

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15