General

  • Target: 52216cbf421b17963f4c4f9b9dedd228
  • Size: 803KB
  • Sample: 231226-eg2qbsadfk
  • MD5: 52216cbf421b17963f4c4f9b9dedd228
  • SHA1: 3478e3a82560a9cf8d65d2e49eb6564323145326
  • SHA256: 606e2c0a9645a0537329503d77824f84c84bc0f06a614806714dcc1b2603bbf2
  • SHA512: 6d3b7a0972ee98db7a3f9fba37eae29f898ea41c536bda717a37eef4352340beab6276acfa074f31f2c464402e2ed72c6946f1ca0c81fefaca0faa30c556cdd2
  • SSDEEP: 24576:HyheDNVn2MN4enJW7uVjSIFxC1BkqZUk7r:Su2MNdFs

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: us2.smtp.mailhostbox.com
  • Port: 587
  • Username: [email protected]
  • Password: romeovm2015

Targets

    • Target: ORDEN DE COMPRA.exe
    • Size: 893KB
    • MD5: 83f87a4734849d17938d841c91ee53c6
    • SHA1: 06950782e923a1fc76dcb8c590580b58a2eb4c2f
    • SHA256: b822f0fdc5aac44af623c0fe224fca6af76feac6f2bccb59ab15cfcdaa7bfe0f
    • SHA512: ae947be1864ab0ed1a09a947c71a1f872ee5ecfcccf0fbbceba1da2287ff885a1df1bd5844b219cbccd821d95f3dd25d7ec5ba51267585d62bb9ab6fc737428a
    • SSDEEP: 12288:ALNphggghCLV2GecUowJVNaU67hB/6Vj3Fh1JKWd+WMcsDwky7Dz71pP7mo5oFC4:UNphggZVDgNavhxohe6XF7mo5oFCEkv

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks