General

  • Target

    6,992,227 USD SWIFT.z

  • Size

    720KB

  • Sample

    240223-jn15lade5t

  • MD5

    e8f281bec691df92e0b274bda48a9023

  • SHA1

    8c95b511461e3fc31d02339ccaa5842676359970

  • SHA256

    58ea08f23802ebf24469ecb15cfed7c0158ca8254863ce93bb3b5a58646170e0

  • SHA512

    5721306f332aa975c9e2c2b800b7cb5d9b1ede8494269514300ed47162b9faec64876f72f14f3ac42a415ce7ea4ee0c72988c409f24d9e54f846eaeb6486932d

  • SSDEEP

    12288:IlW3/mzBh35wwzAPV2Krnt+aq+2sXWlVEovGpv2wa0uNqEjzt3X2OkR:8B3zZatZ2RVXeG9HBu

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15