General

  • Target

    SecuriteInfo.com.W32.MSIL_Kryptik.DWR.gen.Eldorado.5366.1090

  • Size

    595KB

  • Sample

    231120-pqm9eafh53

  • MD5

    c19399e9045071dc4ab0cb7f52f2f59e

  • SHA1

    1cc4169e607c1dbed814b66aef383d764b7a6e13

  • SHA256

    51b487c92f5e52dc485cb8971b4725ed6a475e2ace51946e3cc113863067ef13

  • SHA512

    35a4eeaa6c3d823810e5d2882758a0ee0682d8de31088fb8d2d2adc2fa407eed521ec3390ac2abb690cd3bac40261e1164e6df7180e9a0829f8bef1d001ac00a

  • SSDEEP

    12288:SMvCerm7itLTtlCJmBwHiKthWrbCurA+0Jlwhw/hKrGUMLT:jqermWltlCJmB6iShWGQ90A+hyQ

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks