General

  • Target

    02a409733c223599defec67dad21f76ae46821bc83e4d9726ee203870dcc3105.exe

  • Size

    1.0MB

  • Sample

    240229-fs92hsed56

  • MD5

    852bc2cdc32032cdaffc6e416f575382

  • SHA1

    3a758f73fbc5bdbce2aaea3d53f3049106c4c1ba

  • SHA256

    02a409733c223599defec67dad21f76ae46821bc83e4d9726ee203870dcc3105

  • SHA512

    30b3fddb2c1db19a9448c12fff117451e90a3adb29193b77d0e702978ca3d2f2dab7ce8d216adc7897c9e2117ba36b109b9dd168a66ef148b330b9ac429dab62

  • SSDEEP

    24576:rtb20pkaCqT5TBWgNQ7agocS0JK/+f9d6A:oVg5tQ7agXHUe5

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      02a409733c223599defec67dad21f76ae46821bc83e4d9726ee203870dcc3105.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect packed .NET executables. Mostly AgentTeslaV4.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
