General

  • Target

    RFQ20231031_Commercial list.vbe

  • Size

    51KB

  • Sample

    231101-hkr7vaea37

  • MD5

    9885fc872331773b6748ed3886bc7957

  • SHA1

    71bc53359b1fed0f04c81324fce95aa1b7e000d8

  • SHA256

    faa259f6938502626581cd6d770aa9a1f13c837c19e2d433b2eff805c1e100d4

  • SHA512

    80eeb8298b3b7e9f09e73059a8db647fb49e2b8b8fd13ad23d80c0e783e17ae27455c846722d2cdbc3151c0518205fa4426c4ad3ba275eb2bdb14869736d1600

  • SSDEEP

    768:CV+v7O4wiyszD1F1Wa26Hsn3Fk8AUcgW5kZD9407ptajEEONE7kJC3t6AiFj0:Ay3Xz31J26H4Fk8w3mDL7mQNwkJBFj0

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.lipp.com.my
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    11pp@123#

Extracted

Family

agenttesla

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
