General

  • Target

    NEAS.20728d460c5c42cbd40ad4c4bcffa85013f4763501b561acccf23d76c871894d.xls

  • Size

    938KB

  • Sample

    231114-j4wj2shd8s

  • MD5

    b6e5689997ab86f037c75abe3478ed5d

  • SHA1

    8f274288e21c4907690c0925e9a4fd44293cf3af

  • SHA256

    20728d460c5c42cbd40ad4c4bcffa85013f4763501b561acccf23d76c871894d

  • SHA512

    44a4dd6dbad49bf2ef26259d9e82711a23badae938e891103f24eb2ed9fa37749ef5434807bed1728419a10a71409c02465415f434aece6c7f976b314a55d123

  • SSDEEP

    24576:g/BHw6/BZy83bVmEgTIZ3v5bJvuwAYyv4OL5udmwNx:D6/rt3bVm7TGRVvuwcQO1ni

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.bretoffice.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    }&HF=G!r!_eA

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      NEAS.20728d460c5c42cbd40ad4c4bcffa85013f4763501b561acccf23d76c871894d.xls

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks