General

  • Target

    invoice overdue.pdf.exe

  • Size

    953KB

  • Sample

    231115-wcajqaed31

  • MD5

    3c288f869290db9a0a736599823e837e

  • SHA1

    6ac8d55163b018275e32d7478f12b41926e48268

  • SHA256

    f112d1e7c8414255846131a14109ae12e45ad65296bd014601d0a83c9ea90cb2

  • SHA512

    ebf3d226026059c053b5787f293e7d1b7c89c56ebe1ce13d0a43b1c235e73537302b3f9a8d267257f88128a7fff5380a838efc7544e27446ad86e049a6f7e916

  • SSDEEP

    12288:/IL5VcLYuPliBSpZAWzpNHP1MBkw9Jj6kKAQQtmxIlL5cjQUgjW9WB/P7r9r/+pj:85Oj1ZAWr4Jj6vA7UIh5cjojEC1q

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      invoice overdue.pdf.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks