General

  • Target

    TEKLİF TALEP VE FİYAT TEKLİFİ_PDF.exe

  • Size

    1016KB

  • Sample

    231128-jzg6vsgd9v

  • MD5

    28359695dcd722cd8ad82c6399825aa5

  • SHA1

    db7620a226726208f465b39c8d73129c163e4a4e

  • SHA256

    701182a3bb091638880b26c0d72edb8112862b127ed91f7d948918aeb427a471

  • SHA512

    0387811d179f6e080cd779906a95ce9eeddcb2e9637621f7ad33e2f11a26c202d9ab1978417976f2c0a643fc54b7de233f3e2940e73249a7fc15e8c1a89188a6

  • SSDEEP

    24576:8cOgfYxh9Je8INg9HY6rkPB3hoHEJZB/O6:jJf4Je69HYZhoHEJzB

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks