General

  • Target

    RLIC RFQ FOR CHAIN LINK FENCE.zip

  • Size

    520KB

  • Sample

    231031-sb3bkacb82

  • MD5

    84c33851f57d1f8d94c317cfc3745182

  • SHA1

    a53a213f1eae82c8d0c6f71a42fdf490c5308343

  • SHA256

    f4ec6e10dc8b2006cb4fee5a9b2bab9cdcd75d10d9a3f28d565de5c6ed24c039

  • SHA512

    33d0783a5b0b88e5b3cd437fa5458f603e96de3088d6879bf6e739cd1fa130ae0a31be89624771d37fb3c9d4d5a696af71336f4b36a48f7851563d20fc9cdc6c

  • SSDEEP

    12288:Tcofy8TXZMEpXs0zLvUPbGcVHxHdIhGGVQCY09szPV/caek6BY:4OBzrMCcVtdqGQVszPV9p

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      RLIC RFQ FOR CHAIN LINK FENCE.exe

    • Size

      720KB

    • MD5

      5e6e12f469bfbccccc8230e0b273af46

    • SHA1

      c47f43a407ded9fcf8c2e8c77231f8ee3f719f1f

    • SHA256

      555c988f8053478d8dfa7aa879a1ffb483fb4a30c32eee979c9ea82dcb489197

    • SHA512

      3df37aafb586d121988af555fff491b3a4c20c12f596b0ae9cd4411e01175744525f05fedf91961abd3166fc3ced3735086d3e715fdabe32801227cd03ba10a1

    • SSDEEP

      12288:1fyqTX/MaLX00zFTu7Xq2BS1fagiBohSdAk620NX1roRJ:tnz566BfagiBoSdAk62gXqRJ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks