General

  • Target

    a0e1795f5c66d1ec96b5066abc69c68623b83fd8f3c56c760b5dfd54a4465b92

  • Size

    13KB

  • Sample

    240312-bwj72sca5w

  • MD5

    7fae3e736aa127cc84f63e20ffa37d33

  • SHA1

    a4f3fcac3614021851b094b011f67aadccfa856c

  • SHA256

    a0e1795f5c66d1ec96b5066abc69c68623b83fd8f3c56c760b5dfd54a4465b92

  • SHA512

    414c98dbfe9a5ea2fce994ab0ab143cff96bfbcd4dbe69830f90138d4c329337b8a14e88c3f96bfd94ba62d1bd580558a1fc927728c0e9c9533d688e2189741a

  • SSDEEP

    384:Sxrj/4BVkztIpPAoskmi1d+ma/GWCr3hgfPH+loR1iVpPgRgVNab544qgnp/+P8I:SMVPpPAos41gN/GFr3hgfGu2VTU144qP

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.bahattinmollamahmutoglu.com.tr
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Bukky101@

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks