General

  • Target

    ORDER 00.doc

  • Size

    227KB

  • Sample

    231101-pz7peagd31

  • MD5

    5483c4d5bd2f86ae17a02583ca1264c1

  • SHA1

    2fe0ad2983ee1f8a71aca5727c65d3ae9e54fdc8

  • SHA256

    0352d3068460a1f9e366d76d3bc508449f0fceaf5a73a45e821cf11ba38bf6bf

  • SHA512

    b2cdff776ee97ae2afbbf8aeb553e08a26e7170a78642fbb51d653168f62e295b4d8ac763fab539640fcbff6ee5be2e477c1074b2757b89edd6fcc5006cb5b54

  • SSDEEP

    768:gwAbZSibMX9gRWj75vSln/16AiMqcho7tdn6MRwlz07ftrLI0:gwAlRIvSln/6Mlho7tdn6Xlz0TtrLI0

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      ORDER 00.doc

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic; it harvests saved credentials from browsers, mail and FTP clients and exfiltrates them.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process, after that process was created suspended and had its memory overwritten, is the final step of process hollowing: the entry point of a legitimate-looking host process is redirected into the injected payload.

MITRE ATT&CK Enterprise v15

Tasks