General

  • Target

    132ad9758c964214b0af2db6416f72ee

  • Size

    496KB

  • Sample

    231230-j531hsbch5

  • MD5

    132ad9758c964214b0af2db6416f72ee

  • SHA1

    3c36f755283a9f96d3b2af286bfe5e947cba1a48

  • SHA256

    375b7639c4540b562c82494ffefe34ed936a61178a172121e175f28e038cc43a

  • SHA512

    ebd5849dfda7c0b54da4b5832e7472cab0dbc1ed37cb9a25cf1a2614c3e49abc5b990b2e830258527355e059d754769ddbc37994abfeb177c60b39a00a2f9187

  • SSDEEP

    12288:bIRQX5P9CkBEf6jZkQUgeFz/MX/AnJtcme:c6/C8Y6V4geFIvALte

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.executives-hotel.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ywjig53hcfmv
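
The extracted configuration is the sample's exfiltration channel: Agent Tesla logs into the listed mailbox over SMTP submission (port 587) and mails the stolen data to itself. Those values are also the cheapest detection you get from this report. The block below is an added example, not tria.ge code and not part of the sample; it turns the host, port and mailbox into two checks, one over constructed Sysmon Event ID 3 (network connection) records and one over a constructed SMTP client transcript. The mailbox name is kept exactly as the page renders it (it is obfuscated there), and the list of processes allowed to talk to a mail submission port is an assumption of the example.

```python
import base64
from dataclasses import dataclass

# Indicators copied from the report's "Malware Config" section. The mailbox name is kept
# exactly as the page renders it (it is obfuscated there); substitute the real value if known.
EXFIL_HOST = "mail.executives-hotel.com"
EXFIL_PORT = 587
EXFIL_USER = "[email protected]"

# Assumption: image names that are normally allowed to talk to a mail submission port.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass
class Alert:
    severity: str
    reason: str
    image: str


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan_sysmon_network(events):
    """Flag Sysmon Event ID 3 records whose destination is the extracted SMTP drop.

    A hit from a non-mail process is high severity. A hit from a mail client is still
    reported at medium, because the mailbox is a real (stolen) account and a user could
    legitimately be using it.
    """
    alerts = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue
        if ev.get("DestinationHostname", "").lower() != EXFIL_HOST:
            continue
        if int(ev.get("DestinationPort", 0)) != EXFIL_PORT:
            continue
        image = _basename(ev.get("Image", ""))
        severity = "medium" if image in MAIL_CLIENTS else "high"
        alerts.append(Alert(severity, "connection to Agent Tesla SMTP exfil host", image))
    return alerts


def scan_smtp_session(lines):
    """Flag an AUTH LOGIN exchange whose base64 username decodes to the extracted mailbox.

    Server replies (lines starting with a 3-digit code) are skipped, so the line after the
    client's AUTH LOGIN and the server's "334" prompt is taken as the username.
    """
    alerts = []
    expect_user = False
    for line in lines:
        token = line.strip()
        if token[:3].isdigit():          # server response, not client data
            continue
        if expect_user:
            expect_user = False
            try:
                user = base64.b64decode(token, validate=True).decode("utf-8", "replace")
            except ValueError:           # binascii.Error is a ValueError subclass
                continue
            if user.lower() == EXFIL_USER.lower():
                alerts.append(Alert("high", "SMTP AUTH LOGIN with the extracted exfil mailbox", "<network>"))
        elif token.upper() == "AUTH LOGIN":
            expect_user = True
    return alerts


# Constructed sample input (not from the report): three connection events and one process start.
SYSMON_EVENTS = [
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\132ad9758c964214b0af2db6416f72ee.exe",
     "DestinationHostname": "mail.executives-hotel.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "MAIL.executives-hotel.com", "DestinationPort": "587"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]

# Constructed SMTP transcript (not a real capture); the password line is deliberately omitted.
SMTP_SESSION = [
    "220 mail.executives-hotel.com ESMTP ready",
    "EHLO DESKTOP-TEST",
    "250-mail.executives-hotel.com",
    "250 AUTH LOGIN PLAIN",
    "AUTH LOGIN",
    "334 VXNlcm5hbWU6",
    base64.b64encode(EXFIL_USER.encode()).decode(),   # client sends the username
    "334 UGFzc3dvcmQ6",
    "<password omitted>",
    "235 2.7.0 Authentication successful",
]


def run_demo():
    return scan_sysmon_network(SYSMON_EVENTS) + scan_smtp_session(SMTP_SESSION)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The two checks complement each other: the Sysmon rule works from host logs alone, while the SMTP rule needs cleartext on the wire, so it only fires when the sample does not upgrade to TLS before authenticating (STARTTLS on 587 is common, but Agent Tesla builds are not guaranteed to use it). Block the host at the egress and reset the mailbox password either way; the credentials are in the hands of whoever built this sample.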

Targets

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. Besides remote control it harvests saved credentials from local applications and sends them out; this build is configured to exfiltrate over SMTP to the mailbox listed under Malware Config.

    • AgentTesla payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, and infostealers routinely read it.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser data, which can include saved credentials and other sensitive entries.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Setting another thread's context is a step of process hollowing and similar injection, where a suspended process is pointed at attacker-supplied code before it is resumed.
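
The three "Reads ..." signatures describe one behaviour: a single process opening credential stores that belong to several unrelated applications. That pattern is what to hunt for on endpoints, and it needs file-read telemetry, which Sysmon does not provide by default. The block below is an added example, not tria.ge code and not part of the sample. It runs over constructed Windows Security event 4663 (object access) records and reports any process other than the owning application reading a store, then singles out processes that touched stores from two or more categories. The store paths are the applications' default locations; treating the owning application as the only benign reader is an assumption of the example.

```python
import fnmatch
from dataclasses import dataclass

# Credential stores behind the report's three "Reads ..." signatures, with the application
# that owns each. Default install paths; "owner is the only benign reader" is an assumption.
CREDENTIAL_STORES = [
    ("*\\AppData\\Roaming\\FileZilla\\sitemanager.xml", "filezilla.exe", "ftp client"),
    ("*\\AppData\\Roaming\\FileZilla\\recentservers.xml", "filezilla.exe", "ftp client"),
    ("*\\AppData\\Roaming\\Thunderbird\\Profiles\\*\\logins.json", "thunderbird.exe", "email client"),
    ("*\\AppData\\Local\\Google\\Chrome\\User Data\\*\\Login Data", "chrome.exe", "web browser"),
]


@dataclass(frozen=True)
class Hit:
    process: str
    category: str
    path: str


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify_access(record):
    """Return a Hit when a 4663 record shows a non-owner process touching a credential store."""
    path = record["ObjectName"]
    process = _basename(record["ProcessName"])
    for pattern, owner, category in CREDENTIAL_STORES:
        # fnmatch treats backslashes literally, so the patterns match Windows paths as written.
        if fnmatch.fnmatchcase(path.lower(), pattern.lower()) and process != owner:
            return Hit(process, category, path)
    return None


def hunt(records):
    return [h for h in (classify_access(r) for r in records) if h is not None]


def infostealer_candidates(hits, min_categories=2):
    """Processes that read stores from at least two categories.

    A single read of one store can be a backup tool or a migration; reading FTP, mail and
    browser stores from one process is the behaviour the report's signatures describe.
    """
    seen = {}
    for h in hits:
        seen.setdefault(h.process, set()).add(h.category)
    return {proc for proc, cats in seen.items() if len(cats) >= min_categories}


# Constructed 4663-style records (not real logs). The malware path mirrors the report's target name.
MALWARE = r"C:\Users\user\AppData\Local\Temp\132ad9758c964214b0af2db6416f72ee.exe"
SAMPLE_4663 = [
    {"ProcessName": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "ObjectName": r"C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"ProcessName": MALWARE,
     "ObjectName": r"C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"ProcessName": MALWARE,
     "ObjectName": r"C:\Users\user\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"ProcessName": MALWARE,
     "ObjectName": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ObjectName": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ProcessName": r"C:\Windows\explorer.exe",
     "ObjectName": r"C:\Users\user\Documents\notes.txt"},
]


if __name__ == "__main__":
    hits = hunt(SAMPLE_4663)
    for h in hits:
        print(h)
    print("candidates:", infostealer_candidates(hits))
```

Event 4663 is only generated for files that carry a SACL with read auditing and when "Audit File System" is enabled in the audit policy, so the stores above must be instrumented before this rule sees anything; an EDR with file-read telemetry can feed the same function. Note that Outlook profiles, which the report also flags, live in the registry rather than in files, so they need a registry-access source (event 4663 on registry keys, or Sysmon Event ID 12/13) rather than this path list.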
