Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1710178566fbf0a8a6e23ccef0f9781bb1f33a2fe89164c091d2255097a08abc03d7698e53136.dat-decoded.exe

  • Size

    238KB

  • Sample

    240311-v66ctahf3v

  • MD5

    232be6f79d5197ab3a7378bbababcc06

  • SHA1

    1c2523b16c3e35c230bee71ddf8f251c91a663c2

  • SHA256

    31b5427b86d6f1e9b200d17ebdadeb84e2e58bbb5046b4dba9c5050c0f47ace6

  • SHA512

    38f66b6096969cba611dfa7dc8740c9a1e173192cd57dbbfc53a51a9cd43ac37feba3f500ca73ff7e815fc5183478d093b220da0c617eff6498a8ca39b70c6bf

  • SSDEEP

    3072:evi8wEgsvHLVLWIrnAU/HW6T2Kt6DL5A9g9icVY:Ui8wEgsvHLVLW4nAU/pt6Dgg9

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Q-1HmWsBJgRe

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Q-1HmWsBJgRe

Targets

    • Target

      1710178566fbf0a8a6e23ccef0f9781bb1f33a2fe89164c091d2255097a08abc03d7698e53136.dat-decoded.exe

    • Size

      238KB

    • MD5

      232be6f79d5197ab3a7378bbababcc06

    • SHA1

      1c2523b16c3e35c230bee71ddf8f251c91a663c2

    • SHA256

      31b5427b86d6f1e9b200d17ebdadeb84e2e58bbb5046b4dba9c5050c0f47ace6

    • SHA512

      38f66b6096969cba611dfa7dc8740c9a1e173192cd57dbbfc53a51a9cd43ac37feba3f500ca73ff7e815fc5183478d093b220da0c617eff6498a8ca39b70c6bf

    • SSDEEP

      3072:evi8wEgsvHLVLWIrnAU/HW6T2Kt6DL5A9g9icVY:Ui8wEgsvHLVLW4nAU/pt6Dgg9

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks