
General

  • Target

    7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf

  • Size

    799KB

  • Sample

    231125-dgbngagh2x

  • MD5

    8fb6d1e2ee67f07c2119e2ad77298b8d

  • SHA1

    f8e6d4e53c48f1e155d975dbe9b8788438ab2eff

  • SHA256

    7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf

  • SHA512

    e40e7de8cf6d39a4e2d5e0eda17ddfd8c5031bcf2d582e448867af8ebeb9153610aa21c8cdeaa3aeb2ec1854b9ba4a0b4709c769fbb4109381deb65e29620a75

  • SSDEEP

    12288:x+HvqbycatMvDITcpGIm/RarlLhFeP68lK4ENzJu:xckyp2vDITAnrlLhcS2ENJu

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6307340152:AAHeYN4antwLhSrldvdRuauawQUNIq8sZ1w/

Targets

    • Target

      7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf

    • Size

      799KB

    • MD5

      8fb6d1e2ee67f07c2119e2ad77298b8d

    • SHA1

      f8e6d4e53c48f1e155d975dbe9b8788438ab2eff

    • SHA256

      7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf

    • SHA512

      e40e7de8cf6d39a4e2d5e0eda17ddfd8c5031bcf2d582e448867af8ebeb9153610aa21c8cdeaa3aeb2ec1854b9ba4a0b4709c769fbb4109381deb65e29620a75

    • SSDEEP

      12288:x+HvqbycatMvDITcpGIm/RarlLhFeP68lK4ENzJu:xckyp2vDITAnrlLhcS2ENJu

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the registry, which holds mail account settings and stored credentials that the stealer harvests.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing and similar injection, where the payload is written into a suspended process and its entry point redirected.
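The extracted C2 above is a Telegram Bot API URL, so the bot token embedded in the path is the indicator a defender hunts for. The following is an added example, not part of the tria.ge report or the sample: it parses the token out of the extracted URL, masks the secret for safe sharing, scans proxy log lines for calls to that bot (and to any other Telegram bot), and correlates them with the "Looks up external IP address via web service" behaviour listed above. The proxy log lines are constructed for illustration, the second bot token in them is hypothetical, and the list of IP lookup hosts is an assumption (the report does not name which service this sample used).

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API C2 extracted from the sample's config (taken from the report above).
C2_URL = "https://api.telegram.org/bot6307340152:AAHeYN4antwLhSrldvdRuauawQUNIq8sZ1w/"

# Telegram bot tokens have the form <numeric bot id>:<secret>; an optional API method
# (sendDocument, sendMessage, getMe, ...) follows the token in the URL path.
TOKEN_RE = re.compile(
    r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})(?:/(?P<method>[A-Za-z]+))?"
)

# Assumption: hosts commonly used for external-IP discovery. The report only says
# "a legitimate IP lookup service" and does not name the one this sample contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}

# Constructed proxy log lines (not from the sandbox run): <ts> <src_ip> <verb> <url> <status>.
# The 1234567890:AbCd... token is a hypothetical second bot, included to show classification.
SAMPLE_LOG = [
    "2023-11-25T03:41:02Z 10.0.0.17 GET https://api.ipify.org/ 200",
    "2023-11-25T03:41:03Z 10.0.0.17 POST https://api.telegram.org/bot6307340152:AAHeYN4antwLhSrldvdRuauawQUNIq8sZ1w/sendDocument 200",
    "2023-11-25T03:42:10Z 10.0.0.23 GET https://api.telegram.org/bot1234567890:AbCdEfGhIjKlMnOpQrStUvWxYz0123456789/getMe 200",
    "2023-11-25T03:43:00Z 10.0.0.5 GET https://www.microsoft.com/ 200",
]


def parse_telegram_c2(url: str) -> dict:
    """Split a Telegram bot C2 URL into bot id and full token; reject anything else."""
    parts = urlsplit(url)
    m = TOKEN_RE.search(parts.path)
    if parts.hostname != "api.telegram.org" or m is None:
        raise ValueError("not a Telegram Bot API URL")
    return {"bot_id": m["bot_id"], "token": f"{m['bot_id']}:{m['secret']}"}


def redact_token(token: str) -> str:
    """Keep the bot id (needed for correlation) and mask the secret before sharing an IoC."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def scan_proxy_log(lines, known_tokens):
    """Return one hit per log line matching an indicator:
    'known_c2' for the extracted bot token, 'other_bot_api' for any other Telegram bot,
    'ip_lookup' for requests to an external-IP discovery host.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, src, _verb, url = fields[:4]
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host == "api.telegram.org":
            m = TOKEN_RE.search(parts.path)
            if m:
                token = f"{m['bot_id']}:{m['secret']}"
                kind = "known_c2" if token in known_tokens else "other_bot_api"
                hits.append({"ts": ts, "src": src, "kind": kind,
                             "bot_id": m["bot_id"], "method": m["method"]})
        elif host in IP_LOOKUP_HOSTS:
            hits.append({"ts": ts, "src": src, "kind": "ip_lookup", "host": host})
    return hits


def hosts_with_lookup_then_c2(hits):
    """Source IPs that performed an external-IP lookup and afterwards contacted the
    extracted C2, i.e. both behaviours the report lists, in that order."""
    lookups, c2 = {}, {}
    for h in hits:
        if h["kind"] == "ip_lookup":
            lookups.setdefault(h["src"], h["ts"])
        elif h["kind"] == "known_c2":
            c2.setdefault(h["src"], h["ts"])
    # ISO 8601 timestamps in the same zone compare correctly as strings.
    return sorted(src for src in c2 if src in lookups and lookups[src] <= c2[src])


if __name__ == "__main__":
    c2 = parse_telegram_c2(C2_URL)
    print("bot id:", c2["bot_id"], "token:", redact_token(c2["token"]))
    hits = scan_proxy_log(SAMPLE_LOG, {c2["token"]})
    for h in hits:
        print(h)
    print("lookup then C2:", hosts_with_lookup_then_c2(hits))
```

Matching on the full token rather than only on api.telegram.org keeps legitimate Telegram bot traffic from becoming a false positive, while the 'other_bot_api' class still surfaces unknown bots for review; the bot id is safe to share in tickets, the secret is not.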

MITRE ATT&CK Enterprise v15

Tasks