Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.23729.15045.exe

  • Size

    695KB

  • Sample

    240124-dx2jtshbgn

  • MD5

    84afeb0f3f99a109ecfa225e3251eccb

  • SHA1

    2d30673cc1175bb003c5cd538e338d1f0072e763

  • SHA256

    fd8ea7b40be90b4c239e81785b0f33e38ec3683964e714b25d69585144006def

  • SHA512

    43521678396b2eed0ea68a4a557ba6c20211b75bc082d15c67bec98644e62370a94c6cc17e088263a942ec7d92b6c8dc0910411fb65d8e395b319bc5fbe3fddb

  • SSDEEP

    12288:30WfDJPhz6NVHyV32W6s+b+7P3WvMYGapImjECV3vnXk4PdXO/fqCa6Dnp1:EMPhz6NVHvW6sekPmMxSDJtf3O/fqt87

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.cwiemeevent.com
  • Port:
    587
  • Username:
    mark.janaway@cwiemeevent.com
  • Password:
    EQpOdyH3

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.cwiemeevent.com
  • Port:
    587
  • Username:
    mark.janaway@cwiemeevent.com
  • Password:
    EQpOdyH3
  • Email To:
    mark.janaway@cwiemeevent.com

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.23729.15045.exe

    • Size

      695KB

    • MD5

      84afeb0f3f99a109ecfa225e3251eccb

    • SHA1

      2d30673cc1175bb003c5cd538e338d1f0072e763

    • SHA256

      fd8ea7b40be90b4c239e81785b0f33e38ec3683964e714b25d69585144006def

    • SHA512

      43521678396b2eed0ea68a4a557ba6c20211b75bc082d15c67bec98644e62370a94c6cc17e088263a942ec7d92b6c8dc0910411fb65d8e395b319bc5fbe3fddb

    • SSDEEP

      12288:30WfDJPhz6NVHyV32W6s+b+7P3WvMYGapImjECV3vnXk4PdXO/fqCa6Dnp1:EMPhz6NVHvW6sekPmMxSDJtf3O/fqt87

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.