Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    rOrden00095746exe.exe

  • Size

    1.1MB

  • Sample

    240109-xbbk3ahaf8

  • MD5

    aef03a204faf2cfa386c87b771f5af4b

  • SHA1

    f83fae445c4bd160494438f5e04b5ad4ff426266

  • SHA256

    f47c028b576f0510c5a5ecee522789eccef66ac59d3d60e7b4c91ef0841e9730

  • SHA512

    bfa22f478952af5f43301620c9c3eac08ebd60b583e62a29d1f514d44ab55776a23b871e788a8b7eca3a7973ee38a2e05421f4879fb8b4fcf52cad29beca8dbc

  • SSDEEP

    24576:8qDEvCTbMWu7rQYlBQcBiT6rprG8aEJT/UP58mv1Dw:8TvC/MTQYxsWR7aEJTYXv1

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.siscop.com.co
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    +5s48Ia2&-(t

Targets

    • Target

      rOrden00095746exe.exe

    • Size

      1.1MB

    • MD5

      aef03a204faf2cfa386c87b771f5af4b

    • SHA1

      f83fae445c4bd160494438f5e04b5ad4ff426266

    • SHA256

      f47c028b576f0510c5a5ecee522789eccef66ac59d3d60e7b4c91ef0841e9730

    • SHA512

      bfa22f478952af5f43301620c9c3eac08ebd60b583e62a29d1f514d44ab55776a23b871e788a8b7eca3a7973ee38a2e05421f4879fb8b4fcf52cad29beca8dbc

    • SSDEEP

      24576:8qDEvCTbMWu7rQYlBQcBiT6rprG8aEJT/UP58mv1Dw:8TvC/MTQYxsWR7aEJTYXv1

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks