General

  • Target

    cec5221ea002fae424e9a21d8364aa83

  • Size

    743KB

  • Sample

    231222-r9xcjagec6

  • MD5

    cec5221ea002fae424e9a21d8364aa83

  • SHA1

    4bf180341bc1e1ceabe22349c7f022a9802ae0d1

  • SHA256

    983925427fd1488a162e2af402b04ecf4ebb7b2b2e3c39aa0fe12f08a9c4f5c5

  • SHA512

    0ff3592710df0367d56071766e51978b82058bc7f9162a0e4ceb4b40051a3aeb46ea6921cee20906eb4e105398055f4d2024e3b75c05fa46ce63e49b714f6607

  • SSDEEP

    12288:gL42L541isaJ4fNn6B/tToreyA9UdYXhtwdcFCrLnP5Q5wrWlx:gL2sC1n6LIAKdYcdcsr7P5Q5o

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.sunyoktoy.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Alibaba@#HTMLcovidwor

Targets

    • Target

      cec5221ea002fae424e9a21d8364aa83

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks