General

  • Target

    c2730a3d8925ff19b3311ced1a3d99f4

  • Size

    503KB

  • Sample

    240312-e3zg4aac87

  • MD5

    c2730a3d8925ff19b3311ced1a3d99f4

  • SHA1

    e25859d30656f0f90c43f3f6889017b02829f606

  • SHA256

    4fedc6f8f522f5206bb6b51bf5c08ceeae4e9836275fee16acaed877f37521cf

  • SHA512

    7f60bf7c15dc0585937bef0db93f96bf3dd24692738458f81fe6323a0d273d5d481ec51c43b7f9d2905617ba1bf69bccc683f66b78637976de385d61cc623af0

  • SSDEEP

    12288:gTjcrDlutbk72Tzj6aN8HwXgiNRFOprkYj6vSa4QWBz:llutQ2TvN8HeRFej6abF

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.curnic.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    TiqEDNO8

Targets

    • Target

      swifft copy 0093278521.exe

    • Size

      450KB

    • MD5

      9d42843c35d0966b1503073cc442bf9e

    • SHA1

      a4b1a2c164d8adf84a13994989534393674f13a2

    • SHA256

      4bf346800f68830efab30a45be76b05cc82a3055281623ccdc3d56d52632bbe6

    • SHA512

      b394f0117563e13a1abb248b5368294abbe60764fe8826b7cd5c0e618e1ccab39ab3804fbaedcc6d94e43554667e318a98e082190720682c74ac6fbe1fb02279

    • SSDEEP

      12288:vTw6pgPcGMt8BCQZo9RC+1QjoZnGvgznz/cQ:vjG+0CpRQS4g7zb

    • AgentTesla

      Agent Tesla is a .NET (Visual Basic) remote access tool (RAT) used mainly as a keylogger and credential stealer.

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions (saved connection details are kept under the WinSCP registry keys).

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store profile data, including saved account credentials, on disk, which infostealers commonly target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
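The extracted SMTP configuration and the two file hashes are the most directly actionable indicators in this report. The script below is an added example, not Triage output and not part of the original report: it matches the exfiltration host/port and the SHA256 values from the report against DNS, connection and file-hash log lines. The key=value log layout and the sample lines are constructed for the demo and are assumptions, not real telemetry.

```python
"""IOC matcher for the AgentTesla report above (added example, not Triage output).

Indicators are copied verbatim from the report: the SMTP exfiltration host and
port from the extracted config and the SHA256 of the submitted file and the
dropped payload. The log format (space-separated key=value fields) and the
sample lines are constructed for this demo.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report.
EXFIL_HOST = "smtp.curnic.com"
EXFIL_PORT = "587"
KNOWN_SHA256 = {
    "4fedc6f8f522f5206bb6b51bf5c08ceeae4e9836275fee16acaed877f37521cf":
        "c2730a3d8925ff19b3311ced1a3d99f4 (submitted file)",
    "4bf346800f68830efab30a45be76b05cc82a3055281623ccdc3d56d52632bbe6":
        "swifft copy 0093278521.exe (AgentTesla payload)",
}


@dataclass
class Hit:
    line_no: int
    kind: str
    detail: str


# key=value pairs; quoted values may contain spaces (e.g. file paths).
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line: str) -> dict:
    """Turn one constructed key=value log line into a dict."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def match_line(line_no: int, line: str) -> list:
    """Return every indicator hit for a single log line."""
    f = parse(line)
    hits = []
    # DNS resolution of the exfil host.
    if f.get("type") == "dns" and f.get("query", "").lower() == EXFIL_HOST:
        hits.append(Hit(line_no, "exfil-dns", f"{f.get('src')} resolved {EXFIL_HOST}"))
    # Connection to the exfil host on the configured SMTP submission port.
    # Port 587 alone is NOT an indicator; plenty of legitimate mail goes there.
    if (f.get("type") == "conn"
            and f.get("dst", "").lower() == EXFIL_HOST
            and f.get("dst_port") == EXFIL_PORT):
        hits.append(Hit(line_no, "smtp-exfil", f"{f.get('src')} -> {EXFIL_HOST}:{EXFIL_PORT}"))
    # Exact hash match on a file event; misses repacked builds (compare SSDEEP for those).
    sha = f.get("sha256", "").lower()
    if sha in KNOWN_SHA256:
        hits.append(Hit(line_no, "known-hash", f"{f.get('path')} = {KNOWN_SHA256[sha]}"))
    return hits


def scan(lines) -> list:
    """Run match_line over every line; returns hits in log order."""
    hits = []
    for no, line in enumerate(lines, 1):
        hits.extend(match_line(no, line))
    return hits


# Constructed sample log (assumption: not real telemetry). Line 3 is a benign
# SMTP submission on 587 and must not match; line 5 is a benign file event.
SAMPLE_LOG = [
    'ts=2024-03-12T05:42:01Z type=dns src=10.0.0.15 query=smtp.curnic.com rtype=A',
    'ts=2024-03-12T05:42:02Z type=conn src=10.0.0.15 dst=smtp.curnic.com dst_port=587 proto=tcp',
    'ts=2024-03-12T05:42:02Z type=conn src=10.0.0.15 dst=smtp.office365.com dst_port=587 proto=tcp',
    'ts=2024-03-12T05:41:50Z type=file path="C:\\Users\\a\\Downloads\\swifft copy 0093278521.exe" '
    'sha256=4bf346800f68830efab30a45be76b05cc82a3055281623ccdc3d56d52632bbe6',
    'ts=2024-03-12T05:41:40Z type=file path="C:\\Windows\\notepad.exe" '
    'sha256=0000000000000000000000000000000000000000000000000000000000000000',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind}: {h.detail}")
```

Two caveats worth keeping in mind when operationalising this: the exfil host and credential are per-build and can change between campaigns, so the host indicator should be treated as short-lived, and exact-hash matching only catches these two files; for repacked variants, the SSDEEP values in the report are the better pivot.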

MITRE ATT&CK Enterprise v15

Tasks