General

  • Target

    fd9ebeb1a490beb5b7506694a049f75b6cb75b684309609e0ecc3b1bc991c3e3

  • Size

    442KB

  • Sample

    231113-wevbxaeg78

  • MD5

    baa627598acd62ccd0faa139168ae985

  • SHA1

    29633b9fd80ebd0172c0294cdeb99800b4f55e86

  • SHA256

    fd9ebeb1a490beb5b7506694a049f75b6cb75b684309609e0ecc3b1bc991c3e3

  • SHA512

    e900af7686efdd44d0e1560397c01a40cbf9b4b4dcc65983a7203d203f7a19a043db3172194b0e392bc005496a93c5cf426cbc837256ed32a2be4f05b90d410a

  • SSDEEP

    12288:ZuljUGmTXpfooJPCI+pcDcOaGcN9CMaMrpDHD:ZuoGmTZfo0/FxbcN9I8FHD

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.experthvac.ro
  • Port: 21
  • Username: [email protected]
  • Password: -8{jszMOY*Z8(~Za0#jyP%o7VoB.0)kk^)7_

Targets

    • Target

      Deposit slip.exe

    • Size

      590KB

    • MD5

      f9d8800ecf0986599a5893c5573591e3

    • SHA1

      95a51eb6fd997203997da56a5aa501683d0a5738

    • SHA256

      ea258ad70d4927bf512f93e2a2f0f1c523cf93c2473b212646dd939304a2f37a

    • SHA512

      f4dc8c22e3cc93d7b9061c40cb5aed72d6a43ff0c574900fbb912acc871a18ef12a8248a51afb0c27b921b1b735fbc2c0f6a787596a64d76bf477abb4535df17

    • SSDEEP

      12288:1l9fmTXpfCEJzCI+poDcOa9OHOp0UHUpIPEGWQVZ:BmT5fC2/rxae2EG5

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive material.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks