General

  • Target

    2e84ff9971ebc6427d9e916d9dabb727.bin

  • Size

    1KB

  • Sample

    240212-b5qq7aeg8v

  • MD5

    3b9c8fcf0d957a74a318a582d8a2386a

  • SHA1

    0317abf7efdb24e38614a06b992a7d3a43139572

  • SHA256

    194e39ac780ea074d02b4faa0a261f3bbf4d01bdf038a85b657b4be166108ee1

  • SHA512

    828b51d334f62514097abbce205a22b4d4826977860a8a41c105cd538a7a9d4b4094c94230f610617274493683cd99f6d6d389e1a977e72ccad2eca62c58ea64

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      f4691cad5e54ee1d239725e5d2ae270a3ab1e6ffec22bc5fe93d42756d78861e.vbs

    • Size

      2KB

    • MD5

      2e84ff9971ebc6427d9e916d9dabb727

    • SHA1

      2cff9666dad3cf3afbfa379718f31081fb1ed57a

    • SHA256

      f4691cad5e54ee1d239725e5d2ae270a3ab1e6ffec22bc5fe93d42756d78861e

    • SHA512

      1224ec9e4dfa00fb6c8ccd8cac0d775e883a2228a2cb34ed2b394bd6716f43b964820a69a8cc56f086372740bda283ad5d69a1e5f312b60de97de3106c9da922

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks