General

  • Target

    c18492bcd0a23388350bcf8e42727337b77b463fb83de661ad5e8dbe40ed98df.exe

  • Size

    1.1MB

  • Sample

    240312-dm47zagf32

  • MD5

    89efb0f0c24dbdaaa0f59f2841f2b648

  • SHA1

    eb58341f2e64a1594b777f8de6b3c7ac18b339eb

  • SHA256

    c18492bcd0a23388350bcf8e42727337b77b463fb83de661ad5e8dbe40ed98df

  • SHA512

    a546fe757350947628ef698eee9d8e223fdfe48f94af445a877a4da2be67f362d67f8ed45cc176872a7b50843e74e884534025b5fd66fec2db8fa99a6e0d2272

  • SSDEEP

    24576:uAHnh+eWsN3skA4RV1Hom2KXMmHatGy3P41phH7A5:Zh+ZkldoPK8YaYy3Po76

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      c18492bcd0a23388350bcf8e42727337b77b463fb83de661ad5e8dbe40ed98df.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detects packed .NET executables, mostly AgentTeslaV4.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
