General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.8485.25115.exe

  • Size

    2.8MB

  • Sample

    231116-vzt17sfb3x

  • MD5

    1bdbd5c1ab6fe548bdeeb09d39a4f695

  • SHA1

    4f571ab8ec12301d07cf716269f1e9c21cbb22f4

  • SHA256

    cbd9fe54df365905b812f5fe8a1305fd98bd98f7fe92e426ef3c1d4c72d49f72

  • SHA512

    4bf2e476005f04f3eff7c5eddbcea51ce5d0de4716e85d572e686afe3328ec05102c995e36eeabb414911079f07d92bdc4ad88b7372e1674dae2d467426f86b8

  • SSDEEP

    49152:z1A5scNs9oLw126HONYyf9Oloexrr7qw6FwhkA3UU79UxeO0:z1CVVcUvNJf9OlNxf7qoD3

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.8485.25115.exe
    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
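
The three behavioural signatures above, re-derived from a sandbox API trace as an added example. This is not tria.ge's signature engine and not code from the sample; the JSON-lines trace format (one object per API call with pid, tid, api and args), the list of public IP-lookup hosts and the process-hollowing API sequence are assumptions made for the example, and the trace itself is constructed, not taken from this report. It also goes slightly beyond the page by checking whether a remote SetThreadContext is part of a full CreateProcess(suspended) → WriteProcessMemory → SetThreadContext → ResumeThread chain, which is what usually makes that call "suspicious".

```python
"""Re-derive three behavioural signatures from a sandbox API trace.

Added example: not tria.ge's signature code. The trace format is an assumption
(one JSON object per API call: pid, tid, api, args) and SAMPLE_TRACE below is
constructed for the example, not taken from the report.
"""
import json

# Assumption: public "what is my IP" services an infostealer commonly queries.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ip-api.com", "checkip.dyndns.org", "ipinfo.io",
}
# Assumption: APIs whose 'host' argument names the remote server in this trace format.
CONNECT_APIS = {"GetAddrInfoW", "InternetConnectW", "WinHttpConnect"}
# Remote-thread manipulation chain characteristic of process hollowing.
HOLLOW_CHAIN = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
CREATE_SUSPENDED = 0x4
# Registry paths under which Outlook stores mail profiles (current and legacy layout).
OUTLOOK_PROFILE_MARKERS = (
    "\\Outlook\\Profiles",                      # HKCU\Software\Microsoft\Office\<ver>\Outlook\Profiles
    "\\Windows Messaging Subsystem\\Profiles",  # legacy MAPI profile store
)

# Constructed trace: parent 1234 looks up its IP, hollows suspended child 2500, reads Outlook profiles.
SAMPLE_TRACE = r"""
{"pid": 1234, "tid": 10, "api": "GetAddrInfoW", "args": {"host": "api.ipify.org"}}
{"pid": 1234, "tid": 10, "api": "InternetConnectW", "args": {"host": "api.ipify.org", "port": 443}}
{"pid": 1234, "tid": 10, "api": "CreateProcessW", "args": {"path": "C:\\path\\to\\host.exe", "flags": 4, "child_pid": 2500}}
{"pid": 1234, "tid": 10, "api": "WriteProcessMemory", "args": {"target_pid": 2500, "size": 65536}}
{"pid": 1234, "tid": 10, "api": "SetThreadContext", "args": {"target_pid": 2500, "tid": 40}}
{"pid": 1234, "tid": 10, "api": "ResumeThread", "args": {"target_pid": 2500, "tid": 40}}
{"pid": 2500, "tid": 40, "api": "SetThreadContext", "args": {"target_pid": 2500, "tid": 41}}
{"pid": 1234, "tid": 10, "api": "RegOpenKeyExW", "args": {"key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles"}}
"""


def parse_trace(text):
    """Parse the JSON-lines trace into a list of call dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def target_of(call):
    """Process a call acts on: the new child for CreateProcess, else the explicit target, else the caller."""
    args = call["args"]
    return args.get("child_pid", args.get("target_pid", call["pid"]))


def ip_lookup_hits(calls):
    """'Looks up external IP address via web service': distinct (pid, host) pairs hitting a lookup service."""
    return sorted({(c["pid"], c["args"]["host"]) for c in calls
                   if c["api"] in CONNECT_APIS and c["args"].get("host") in IP_LOOKUP_HOSTS})


def remote_set_thread_context(calls):
    """'Suspicious use of SetThreadContext': the caller rewrote a thread context in a *different* process."""
    return [(c["pid"], target_of(c)) for c in calls
            if c["api"] == "SetThreadContext" and target_of(c) != c["pid"]]


def hollowing_chain(calls, child_pid):
    """Ordered hollowing-chain APIs another process issued against child_pid; the full chain is likely hollowing."""
    seen = []
    for c in calls:
        if c["api"] in HOLLOW_CHAIN and c["pid"] != child_pid and target_of(c) == child_pid \
                and c["api"] not in seen:
            seen.append(c["api"])
    return seen


def outlook_profile_hits(calls):
    """'Accesses Microsoft Outlook profiles': registry opens under Outlook's profile store."""
    return [(c["pid"], c["args"]["key"]) for c in calls
            if c["api"].startswith("RegOpenKeyEx")
            and any(m in c["args"].get("key", "") for m in OUTLOOK_PROFILE_MARKERS)]


def run_report(text):
    """Evaluate every signature over a trace and return {signature name: hits}."""
    calls = parse_trace(text)
    suspended_children = [c["args"]["child_pid"] for c in calls
                          if c["api"] == "CreateProcessW" and c["args"].get("flags", 0) & CREATE_SUSPENDED]
    return {
        "Looks up external IP address via web service": ip_lookup_hits(calls),
        "Suspicious use of SetThreadContext": remote_set_thread_context(calls),
        "Process hollowing chain per suspended child": {p: hollowing_chain(calls, p) for p in suspended_children},
        "Accesses Microsoft Outlook profiles": outlook_profile_hits(calls),
    }


if __name__ == "__main__":
    print(json.dumps(run_report(SAMPLE_TRACE), indent=2))
```

The child's own SetThreadContext call (pid 2500 on itself) is deliberately in the trace and is not flagged: only a cross-process context rewrite counts, and it is the complete chain against a child started with CREATE_SUSPENDED that turns the single API hit into a process-hollowing verdict.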

MITRE ATT&CK Enterprise v15

Tasks