General

  • Target

    6f726d571c05354dad7906926fec4b5a.bin

  • Size

    784KB

  • Sample

    231127-chn5hsdf6v

  • MD5

    90de367251caeac37ccbbf95881b7339

  • SHA1

    4eec8c8cc48116f25fc5f35138009fa9127ef560

  • SHA256

    7913afc6334343706d7b99ba2f17fb2c2bb14a35dbd9a29852c842863869ace9

  • SHA512

    53b39a1bc183bc6f33e7958693231560071a56ba978af51a1ce8a8b61b5f8a7f095eed390d04bda41850d573dbd168423ccdc72fec9b98628111773559b7b9c2

  • SSDEEP

    24576:1XL9oelyeHyBmMIFTBnWqmqkfmlKdcJS0J4:BD4iyBmMmRRpjlx16

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      Purchase order (2).exe

    • Size

      2.1MB

    • MD5

      8fb77e0a72fd58877460ae734179d388

    • SHA1

      2dba24ec72dcd704d98d96de2b93d4c9c3f82f26

    • SHA256

      61af5cbcf8452d49cd6a2f9e562bebcd55a560a68aba7bf1d591f01bbb9c0290

    • SHA512

      d3dd24ad1ebd82ff276b9c07a5597a7154045fa1ab94325691c4f4f7ad6a3930b16f6d1b6d20349874091ee5fa518f79acbdf52f67ab1d09ac2d94ae66740a20

    • SSDEEP

      49152:XVSZZ9WBVVjJNOUrrbsyc2TP0DHEwb3zxG6R:hrrDwbzxG

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks