General

  • Target

    HZbCDaqwtPi2zal.exe

  • Size

    810.6MB

  • Sample

    240223-p7s6zsgb8z

  • MD5

    e755bcacbf899bd6e5c2367bf091c5d2

  • SHA1

    2db2db6c4a6eb93f36e69f6fc78c54b83ba43c88

  • SHA256

    5094852f033740dcb4569b76459d566fc4391c81d9257f50390c3289f4d1aa6a

  • SHA512

    85e7001d7737fc0efc93b315b1fccb75ec27c54e07e2e7ae9d479bc47bf32b5c3b851e6bec5a9bf66e98af7b87c7b2363b62a6d1860ad9a5167c148a00211643

  • SSDEEP

    12288:TlW3HmzBh35JcUAfBcjxUW9PzqUZGaPPBraBUQ0Ym:5BzrztUW1zNbPBraBUd

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6981023497:AAHl8hNT6c3ywQtrLSswit8gBAF4M9xCAZU/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks