General

  • Target

    NewOrder.exe

  • Size

    735KB

  • Sample

    231120-hwcxasfa8t

  • MD5

    422bfd2d85dd5bee8004526fa012df6a

  • SHA1

    0b06633d868e7fcf22d0532d2bf97f40a61ffe73

  • SHA256

    e49df0f66eb42b10494df1c1c8518fe9ab49b30df38b148c2158149d52a11b91

  • SHA512

    fe5b82b7769fa3afb8d3617aab515be587d14637da26a1ddaf449fb48123e9d0a46399011498d224d84033c78ebab9727688c7a7a07d4cb23a94b8caa9657a16

  • SSDEEP

    12288:vjN61h61EWGy6ZbRjXUtxX7LXM3Q7H4C/6GhuOTNLItGvB+WGe35dM5mbp7z2atS:gY7GDZoX7LXCQ7H4o6GhJXBZ2

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      NewOrder.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks