General

  • Target

    4a9211a0d444f60e0d9ad26dce8c270b

  • Size

    1.1MB

  • Sample

    240108-f9njvadae2

  • MD5

    4a9211a0d444f60e0d9ad26dce8c270b

  • SHA1

    b90ae0e6b1a0303e41ab52544ba5a7f484a659ea

  • SHA256

    3bd8e05a0c93d1a5b6b0fb855904f2b1c1ac52e8f78727a0b6045823a5bfd5c9

  • SHA512

    733491734c8c0ab7254f2813dcd5d38046336a1999fa256db49a8ab4c1cffe2fa525d222ef0bc34896f9e10b9e085b6cef98f330308c139c227b271e61915e14

  • SSDEEP

    24576:C5NjLCxr/d3FK64JARnhRsb+gMCduSGfieQr:CD+1K64JQRsbCCduSGHQr

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1573682282:AAEqJZjS75KdrM3hW3WnSL2zr2o3a3lESbk/sendDocument

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks