General

  • Target

    bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd.zip

  • Size

    1.4MB

  • Sample

    231119-3t3p6ade7z

  • MD5

    b2b323429c49a2a8e5c30ea25a6e9ccb

  • SHA1

    7d785b4a18e8285cb730804c198ff5f8d6d53de6

  • SHA256

    e2f665440fa0644cb1a53b447598fd29e719eb62a5bea5951576abcef646f016

  • SHA512

    557a65fdcbef00e40af556d150aff5dda16bc822ecdba11a1b7eeb66b01717431299b03298b8a1f5029771caca1318db73a2e379e6587c7f01a044b43313c215

  • SSDEEP

    24576:BmkZ+mcWNclxv+0kuWBEXhOsno7fYAQB/Doo5DShS1qMcl60JUuaxO508zDCIOek:BmJmc8ix50UAIv4h21DJ86/

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd.exe

    • Size

      1.9MB

    • MD5

      e0bcb417f88eb3763db1da03853375e1

    • SHA1

      3a4dafbaacf7127a7bd55a20346d9c857e01b5f2

    • SHA256

      bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd

    • SHA512

      b718af048706bf1b66ba69b429376702fb59dc03055ce22a10821509f80ba2beddae176a7234cf97ec7265a8a9f97b2ccc61ee4b11b086054799275549b7a1d5

    • SSDEEP

      49152:sPKSQTERAQO3i2X9QfDjii+ZoEpNJHXXXS:MKSQTvmfvI5Xy

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks