General

  • Target

    RFQ MR - CONTG. 0992-19-PD KAHRAMAA.exe

  • Size

    666KB

  • Sample

    231219-rl9mysfee6

  • MD5

    de613f46aec20a6ad14b85cc95e1f57d

  • SHA1

    f495916b81e0b14bf6392c2531d91450ddd3bd40

  • SHA256

    dc27601dddbad4603883a836acec791966b3e9926fdb0945c95b49a9957eba83

  • SHA512

    b5c853af251904333c9b9dce1ebabab0162c5dec21bc3c35cd68c3ab541af0b114b8a12c24ebe9bd956828a5c94dbf5651b6bbafae9bf1300173e995a734c4bf

  • SSDEEP

    12288:LSL10OEiu1jp5djtXDhl1wFC1hCkXDEK3R:nbtp5dFfuFC1hCkoE

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      RFQ MR - CONTG. 0992-19-PD KAHRAMAA.exe

    • AgentTesla

      Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It is best known for keylogging and for harvesting credentials saved by browsers, mail clients and FTP clients, then exfiltrating them over SMTP, FTP or HTTP.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register set, including its instruction pointer. When it follows a child process created suspended and WriteProcessMemory into that child, the pattern is process hollowing: a benign host process is started, its image is replaced in memory with the payload, and the resumed thread runs the injected code under the host's name. Debuggers also call SetThreadContext, so the flag is only meaningful together with the surrounding call sequence.
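The two behavioural signatures above can be reproduced over a sandbox API/network trace. The block below is an added example and is not tria.ge's own signature code: the trace lines, the process IDs and the list of IP-echo hostnames are constructed for the demo, and the hollowing heuristic (CreateProcess with CREATE_SUSPENDED, then WriteProcessMemory, SetThreadContext and ResumeThread from the same parent) is a general pattern, not an observation specific to this sample.

```python
"""Replay two sandbox signatures over a constructed API/network trace.

Added example, not tria.ge code. The hostname list and the trace are
constructed for illustration; they are not data from the analysed sample.
"""
import re
from collections import defaultdict

# Public IP-echo services that stealers commonly query to learn the victim's
# external address (assumption: a small illustrative list, not exhaustive).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com",
    "icanhazip.com", "ipinfo.io", "checkip.amazonaws.com",
}

# Process-hollowing call order. Other calls may be interleaved; a
# CreateProcess without CREATE_SUSPENDED does not count.
HOLLOW_SEQUENCE = ["CreateProcessW", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread"]

# Constructed trace, one event per line: "<pid>\t<kind>\t<detail>".
SAMPLE_TRACE = """\
1234\tapi\tCreateProcessW(C:\\path\\to\\host.exe, CREATE_SUSPENDED)
1234\tapi\tNtUnmapViewOfSection(pid=5678)
1234\tapi\tWriteProcessMemory(pid=5678, size=0x7a000)
1234\tapi\tSetThreadContext(tid=5679)
1234\tapi\tResumeThread(tid=5679)
5678\tdns\tapi.ipify.org
5678\thttp\tGET http://api.ipify.org/ 200
9999\tdns\twww.microsoft.com
"""


def parse_trace(text):
    """Return a list of (pid, kind, detail) tuples from the tab-separated trace."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, kind, detail = line.split("\t", 2)
        events.append((int(pid), kind, detail))
    return events


def find_ip_lookups(events):
    """Return sorted unique (pid, host) pairs that reach an IP-echo service,
    matching both DNS queries and the host part of HTTP request lines."""
    hits = set()
    for pid, kind, detail in events:
        if kind == "dns" and detail.lower() in IP_LOOKUP_HOSTS:
            hits.add((pid, detail.lower()))
        elif kind == "http":
            m = re.search(r"https?://([^/\s]+)", detail)
            if m and m.group(1).lower() in IP_LOOKUP_HOSTS:
                hits.add((pid, m.group(1).lower()))
    return sorted(hits)


def find_hollowing(events):
    """Return pids whose API calls contain HOLLOW_SEQUENCE in order, with the
    initial CreateProcessW carrying CREATE_SUSPENDED."""
    calls_by_pid = defaultdict(list)
    for pid, kind, detail in events:
        if kind == "api":
            calls_by_pid[pid].append(detail)
    flagged = []
    for pid, calls in sorted(calls_by_pid.items()):
        idx = 0
        for call in calls:
            want = HOLLOW_SEQUENCE[idx]
            if not call.startswith(want):
                continue
            if want == "CreateProcessW" and "CREATE_SUSPENDED" not in call:
                continue
            idx += 1
            if idx == len(HOLLOW_SEQUENCE):
                flagged.append(pid)
                break
    return flagged


def triage(trace_text):
    """Map a trace to the signature names used on the report page."""
    events = parse_trace(trace_text)
    sigs = []
    if find_ip_lookups(events):
        sigs.append("Looks up external IP address via web service")
    if find_hollowing(events):
        sigs.append("Suspicious use of SetThreadContext")
    return sigs


if __name__ == "__main__":
    for sig in triage(SAMPLE_TRACE):
        print(sig)
```

Both checks are heuristics. IP-echo lookups are also made by legitimate updaters and VPN clients, and SetThreadContext alone is ordinary debugger behaviour, so in production the hits should be tied back to the initiating image (here an executable named like an RFQ document) rather than raised on their own.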

MITRE ATT&CK Matrix

Tasks