
General

  • Target: 489e95811f4464a98cb9c2ed1bccea96
  • Size: 1.1MB
  • Sample: 240107-lgt4taacal
  • MD5: 489e95811f4464a98cb9c2ed1bccea96
  • SHA1: f68b4a40405b598f92f1319af286735851340d3e
  • SHA256: 07f71531fb540881da4f829038da3222e3fea6c27b2aeecefb9208bca648daf8
  • SHA512: 0774ddeabd257c69822f4fbdeb836c0e02439a974d2a63a532d841893d02cbaf670f45a47a97b79ddf568756c6ad95e9c0be52e975712560638384af087a7201
  • SSDEEP: 24576:8AOcZ6JVYy0kWE8Q2Qe0E3fhNQXNmrK4VEZe:qhjT8Q2FOIrK+Es

Malware Config

Extracted

Family: agenttesla

Credentials

  • Protocol: smtp
  • Host: secure219.inmotionhosting.com
  • Port: 587
  • Username: [email protected]
  • Password: 7mgTt7O(h.O64J@

Targets
    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
