General

  • Target

    b65172028bbb2d2ac8999ab0bd106e1d

  • Size

    871KB

  • Sample

    240306-dbbfhshc8y

  • MD5

    b65172028bbb2d2ac8999ab0bd106e1d

  • SHA1

    bf5ab1bb9c6f309e73e0bab2f52ea8275cd1a288

  • SHA256

    fde9860a34f3a0e9beb1c215ef346db647f7c33dca45c3e9e32cd977b25339b2

  • SHA512

    45c10cf721e4281f2e11233e42f461e338327545afbd056f104a8eea916f874486f4e342d03d715c9965ab858d63785ae2a868e8d6d22893de9780fd0a1e17ea

  • SSDEEP

    12288:BbSmkovatXkiINBhONDsxxaM/gU1BvcJN/ug3E11jQt2NjFx8OOUB2:smkDlkiINB0DE00g0DjQMNjXLs

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      b65172028bbb2d2ac8999ab0bd106e1d

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic (.NET); it harvests credentials from browsers, mail, FTP and VPN clients and exfiltrates them over SMTP, FTP or HTTP.

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions. WinSCP keeps saved sessions in the registry under HKCU\Software\Martin Prikryl\WinSCP 2\Sessions (or in WinSCP.ini for the portable build); saved passwords there are only obfuscated, not encrypted.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, e.g. recentservers.xml and sitemanager.xml under %APPDATA%\FileZilla, which hold hostnames, usernames and (without a master password) base64-encoded passwords.

    • Reads user/profile data of local email clients

      Email clients store account settings and credentials on disk or in the registry (Outlook profiles, Thunderbird logins.json/key4.db), and infostealers routinely harvest them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data (e.g. the Chromium "Login Data" database or Firefox logins.json/key4.db).

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread in another process is the hallmark of process hollowing: the loader creates a child in the suspended state, overwrites its image with the payload, redirects the primary thread's entry point with SetThreadContext and then calls ResumeThread.
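The signatures above are all derived from behavioural telemetry: which credential-store paths and registry keys the sample opened, and which API calls it issued against another process. The script below is an added example (not tria.ge's own signature engine) that reproduces that mapping over a constructed, simplified event trace. The file and registry locations are the real ones used by WinSCP, FileZilla, Outlook, Thunderbird and Chromium/Firefox browsers; the event dicts, pids and the exact API sequence checked for the SetThreadContext signature are assumptions made for illustration.

```python
"""Re-create several sandbox signatures from a simplified access/API trace.

Added example, not tria.ge code.  Events are constructed dicts; only the
artifact locations (regexes below) correspond to real program storage.
"""
import re

# Artifact locations behind each signature, matched case-insensitively
# against the full path or registry key the process opened.
ACCESS_SIGNATURES = {
    "Reads WinSCP keys stored on the system": [
        r"\\Software\\Martin Prikryl\\WinSCP 2\\Sessions",  # saved sessions (registry)
        r"\\WinSCP\.ini$",                                  # portable build storage
    ],
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\(recentservers|sitemanager|filezilla)\.xml$",
    ],
    "Accesses Microsoft Outlook profiles": [
        r"\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles",
        r"\\Windows Messaging Subsystem\\Profiles",          # pre-2013 Outlook
    ],
    "Reads user/profile data of local email clients": [
        r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)$",
    ],
    "Reads user/profile data of web browsers": [
        r"\\(Chrome|Edge|Brave-Browser)\\User Data\\.*\\Login Data$",
        r"\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    ],
}

# Minimal process-hollowing chain aimed at one child process, in order.
HOLLOWING_STEPS = ["CreateProcess", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread"]

# Constructed telemetry for the sample's process (assumed pid 4120).
SAMPLE_EVENTS = [
    {"pid": 4120, "op": "RegOpenKey",
     "path": r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\work-sftp"},
    {"pid": 4120, "op": "CreateFile",
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 4120, "op": "CreateFile",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "op": "RegOpenKey",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4120, "op": "CreateFile",
     "path": r"C:\Users\victim\Documents\report.docx"},  # benign, no signature
]

# Constructed API trace: cross-process calls issued by pid 4120.
SAMPLE_API_CALLS = [
    {"api": "CreateProcess", "target_pid": 5204, "suspended": True},
    {"api": "NtUnmapViewOfSection", "target_pid": 5204},  # not part of the minimal chain
    {"api": "VirtualAllocEx", "target_pid": 5204},
    {"api": "WriteProcessMemory", "target_pid": 5204},
    {"api": "WriteProcessMemory", "target_pid": 5204},
    {"api": "SetThreadContext", "target_pid": 5204},
    {"api": "ResumeThread", "target_pid": 5204},
]


def match_access_signatures(events):
    """Return {signature_name: [paths]} for every event touching a known location."""
    hits = {}
    for ev in events:
        for name, patterns in ACCESS_SIGNATURES.items():
            if any(re.search(p, ev["path"], re.IGNORECASE) for p in patterns):
                hits.setdefault(name, []).append(ev["path"])
    return hits


def detect_hollowing(api_calls):
    """Return the pid of a child that received the hollowing chain in order, else None.

    Progress is tracked per target pid; unrelated calls in between are
    skipped, and a CreateProcess without CREATE_SUSPENDED never starts a chain.
    """
    progress = {}  # target_pid -> index of the next expected step
    for call in api_calls:
        tgt = call["target_pid"]
        idx = progress.get(tgt, 0)
        if idx == 0 and call["api"] == "CreateProcess" and not call.get("suspended"):
            continue  # child starts running immediately; nothing to hollow
        if idx < len(HOLLOWING_STEPS) and call["api"] == HOLLOWING_STEPS[idx]:
            progress[tgt] = idx + 1
            if progress[tgt] == len(HOLLOWING_STEPS):
                return tgt
    return None


if __name__ == "__main__":
    for sig, paths in match_access_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {sig}")
        for p in paths:
            print(f"      {p}")
    child = detect_hollowing(SAMPLE_API_CALLS)
    if child is not None:
        print(f"[+] Suspicious use of SetThreadContext: pid {child} hollowed")
```

Run over the constructed trace it raises four of the access signatures (WinSCP, FTP clients, browsers, Outlook) and flags pid 5204 for the SetThreadContext chain; the benign document open produces nothing. In a real deployment the same rules can be fed from Sysmon event ID 11 (FileCreate) and 12/13 (registry) plus an API-monitoring source, with the target-pid check keeping debuggers that legitimately call SetThreadContext on their own debuggee from tripping the rule unless they also write and resume it in sequence.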

MITRE ATT&CK Enterprise v15

Tasks