General

  • Target

    SecuriteInfo.com.Win32.InjectorX-gen.6979.19171.exe

  • Size

    761KB

  • Sample

    240201-g52fksfbbl

  • MD5

    3d8c54bb1e30ac85fb2e4de947704215

  • SHA1

    d9e7c98cdffd52fd779ba4eb7b71382d36635af9

  • SHA256

    b478ff97e82ba8a98a92a5d3bd42c23e73aa8507a6f9943e5aac5edbb092b0c4

  • SHA512

    6db6a2b7872888a0b4dc352538a582fa152a160dee4acbb16a18f83ce69b234189cd4d8235696ba23a11d5438fcd836e5ad28c4fc89c6787c096972abd228777

  • SSDEEP

    12288:NNPrd53rD22qi0sw9+6B2V0T/hcJKycoy+Dz9qeLvmXBM5k6x1OfdVTBtVZ0bF+Z:Nx3rDIhr+6B1T/dycJEVvmXBMZx1OFVl

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SecuriteInfo.com.Win32.InjectorX-gen.6979.19171.exe

    • Size

      761KB

    • MD5

      3d8c54bb1e30ac85fb2e4de947704215

    • SHA1

      d9e7c98cdffd52fd779ba4eb7b71382d36635af9

    • SHA256

      b478ff97e82ba8a98a92a5d3bd42c23e73aa8507a6f9943e5aac5edbb092b0c4

    • SHA512

      6db6a2b7872888a0b4dc352538a582fa152a160dee4acbb16a18f83ce69b234189cd4d8235696ba23a11d5438fcd836e5ad28c4fc89c6787c096972abd228777

    • SSDEEP

      12288:NNPrd53rD22qi0sw9+6B2V0T/hcJKycoy+Dz9qeLvmXBM5k6x1OfdVTBtVZ0bF+Z:Nx3rDIhr+6B1T/dycJEVvmXBMZx1OFVl

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution to or away from particular regions.

    • Looks up external IP address via web service

      Contacts a legitimate public IP lookup service to discover the infected system's external IP address, typically so it can be reported alongside stolen data.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is how an injector redirects execution in a suspended child process to a payload it has written there (process hollowing); outside of debuggers the call is rarely legitimate.
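The three behavioural signatures above can be reproduced as a small triage rule set over sandbox-style API events. The following is an added example, not tria.ge's own signature code: the event shape, the API names, the registry path under HKCU\Control Panel\International, the list of IP-lookup hostnames and the sample trace are all assumptions constructed for illustration. The SetThreadContext rule deliberately requires the full CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext chain, so a process touching its own thread context is not reported.

```python
"""Toy behavioural triage over sandbox-style API events.

Added example, not tria.ge's own signature code. The event shape, the
registry paths, the API names and the IP-lookup hostnames are assumptions
made for illustration; real sandbox logs differ in detail.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple
from urllib.parse import urlparse

# Public "what is my IP" services frequently contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com",
                   "icanhazip.com", "ipinfo.io"}

# Registry location holding the configured country / locale (assumed path).
GEO_KEY_PREFIX = r"hkcu\control panel\international"
GEO_VALUES = {"nation", "scountry", "localename"}

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit


@dataclass
class Event:
    pid: int                      # process that issued the call
    api: str                      # API name as a sandbox would log it
    args: Dict[str, object] = field(default_factory=dict)


def _host_of(args: Dict[str, object]) -> str:
    """Hostname from either a 'host' argument or a full 'url'."""
    if "host" in args:
        return str(args["host"]).lower()
    return (urlparse(str(args.get("url", ""))).hostname or "").lower()


def detect(events: List[Event]) -> Dict[str, List[int]]:
    """Map each signature name to the sorted list of pids that triggered it."""
    hits: Dict[str, Set[int]] = {
        "checks_computer_location": set(),
        "looks_up_external_ip": set(),
        "suspicious_setthreadcontext": set(),
    }
    # Progress of each (injector, target) pair through the hollowing chain:
    # CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext.
    # Only a SetThreadContext that completes this chain is flagged.
    chain: Dict[Tuple[int, int], str] = {}

    for ev in events:
        if ev.api.startswith("RegQueryValueEx"):
            key = str(ev.args.get("key", "")).lower()
            value = str(ev.args.get("value", "")).lower()
            if key.startswith(GEO_KEY_PREFIX) and value in GEO_VALUES:
                hits["checks_computer_location"].add(ev.pid)
        elif ev.api == "HttpRequest":
            if _host_of(ev.args) in IP_LOOKUP_HOSTS:
                hits["looks_up_external_ip"].add(ev.pid)
        elif ev.api == "CreateProcessW":
            if int(ev.args.get("creation_flags", 0)) & CREATE_SUSPENDED:
                chain[(ev.pid, int(ev.args["child_pid"]))] = "suspended"
        elif ev.api == "WriteProcessMemory":
            k = (ev.pid, int(ev.args.get("target_pid", -1)))
            if chain.get(k) == "suspended":
                chain[k] = "written"
        elif ev.api == "SetThreadContext":
            k = (ev.pid, int(ev.args.get("target_pid", -1)))
            if chain.get(k) == "written":
                chain[k] = "context_set"
                hits["suspicious_setthreadcontext"].add(ev.pid)

    return {name: sorted(pids) for name, pids in hits.items()}


# Constructed sample trace (not from the report): pid 1234 performs all three
# behaviours; pid 5678 is a benign process that reads an unrelated locale value
# and sets its own thread context (debugger-like), which must not be flagged.
SAMPLE_EVENTS = [
    Event(1234, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Event(1234, "HttpRequest", {"url": "http://api.ipify.org/"}),
    Event(1234, "CreateProcessW", {"image": r"C:\target.exe",
                                   "creation_flags": CREATE_SUSPENDED, "child_pid": 4321}),
    Event(1234, "WriteProcessMemory", {"target_pid": 4321, "size": 0x2A000}),
    Event(1234, "SetThreadContext", {"target_pid": 4321}),
    Event(1234, "ResumeThread", {"target_pid": 4321}),
    Event(5678, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International", "value": "sLanguage"}),
    Event(5678, "SetThreadContext", {"target_pid": 5678}),
]

if __name__ == "__main__":
    for name, pids in detect(SAMPLE_EVENTS).items():
        print(f"{name:30s} {pids}")
```

Run stand-alone it lists each signature with the pids that matched; only 1234 appears under all three names. The chain state is keyed on (injector, target) so that memory writes and context changes aimed at an unrelated process do not complete someone else's sequence.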

MITRE ATT&CK Enterprise v15

Tasks