Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Tracking#INV-IV1905-029.exe

  • Size

    681KB

  • Sample

    231127-vs55wsaf73

  • MD5

    828636842c69b4e453f5735e77c89d36

  • SHA1

    b1c928ed1f9926fc64cee98be211a5e77c9551b5

  • SHA256

    1d2add4e6e6f86f45aa1a4b75c32e4efbf43bc117cc5b3a3927b4e548cf2732c

  • SHA512

    64b8f4ad28fd005936898e4fc244c8acab8257e04a033459a8b463fb5171a814ab20c7d5933577ef10562b8adba35eb4addd1060d1f18ce5448cfeec32cdfeb8

  • SSDEEP

    12288:OaiOid7BR6wTuHfH7eXkhH2iRr2nILMUrniYqW3WbKLrcPwp9euwjz8lIc2pvBpV:O1OipB+H+yR8VDvW3/cPwL3wj+i5pDmv

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Tracking#INV-IV1905-029.exe

    • Size

      681KB

    • MD5

      828636842c69b4e453f5735e77c89d36

    • SHA1

      b1c928ed1f9926fc64cee98be211a5e77c9551b5

    • SHA256

      1d2add4e6e6f86f45aa1a4b75c32e4efbf43bc117cc5b3a3927b4e548cf2732c

    • SHA512

      64b8f4ad28fd005936898e4fc244c8acab8257e04a033459a8b463fb5171a814ab20c7d5933577ef10562b8adba35eb4addd1060d1f18ce5448cfeec32cdfeb8

    • SSDEEP

      12288:OaiOid7BR6wTuHfH7eXkhH2iRr2nILMUrniYqW3WbKLrcPwp9euwjz8lIc2pvBpV:O1OipB+H+yR8VDvW3/cPwL3wj+i5pDmv

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks