General

  • Target: 1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b
  • Size: 644KB
  • Sample: 240313-cgsfjshg2y
  • MD5: bc3ecb6b369f3a8d284a1a9d8df411f4
  • SHA1: a96d932d8853dcd2a6371c29801481564e97ace9
  • SHA256: 1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b
  • SHA512: 51f1f71455e9e930dde0dcd38f0c63e5d978d6388368f666f2cb0216851f68a9f25870dac23be22c62c3b7fc48070ae94094825959cbb84a59019ba805253f8d
  • SSDEEP: 12288:qsJTENl3QhyrTiJVSVHb3InQTg+Fj/qnSSFscyaxvho4p1zTUxeZ3vSsjHVZ:PxENlUQHEnSg+Fj/qnLjxvhoS1SPsDV

Malware Config

Extracted

Family: agenttesla

Credentials

Targets

    • Target: 1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b
    • Size: 644KB
    • MD5: bc3ecb6b369f3a8d284a1a9d8df411f4
    • SHA1: a96d932d8853dcd2a6371c29801481564e97ace9
    • SHA256: 1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b
    • SHA512: 51f1f71455e9e930dde0dcd38f0c63e5d978d6388368f666f2cb0216851f68a9f25870dac23be22c62c3b7fc48070ae94094825959cbb84a59019ba805253f8d
    • SSDEEP: 12288:qsJTENl3QhyrTiJVSVHb3InQTg+Fj/qnSSFscyaxvho4p1zTUxeZ3vSsjHVZ:PxENlUQHEnSg+Fj/qnLjxvhoS1SPsDV

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's execution context; in injection techniques such as process hollowing it redirects a suspended thread to attacker-controlled code.
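The three behaviour signatures above, written out as detection logic and run over a constructed sandbox event log. This is an added example, not code from tria.ge or from the sample's real trace: the event schema, the list of registry keys treated as location lookups, the set of IP-echo hosts, and the pids are all assumptions made for the illustration. The example also decodes the `Locale` registry value into its primary language ID, which is how a geofence check typically consumes it.

```python
"""
Replay sandbox-style events through the three behavioural signatures
listed in the report.  The event log, its field names, the registry-key
list and the host list are constructed for this example (assumptions),
not tria.ge's schema or the sample's real trace.
"""
from urllib.parse import urlsplit

# Registry keys whose reads indicate a locale / country lookup (assumed
# list; the report only says "country code configured in the registry").
LOCATION_KEYS = (
    r"control panel\international\locale",
    r"control panel\international\localename",
    r"control panel\international\geo\nation",
    r"control\nls\language",
)

# Hosts commonly used as "what is my IP" echo services (assumed list).
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "checkip.dyndns.org",
    "ip-api.com",
    "icanhazip.com",
    "ipinfo.io",
}

# Constructed event log: parent pid 1000 reads the locale, asks an IP echo
# service, then spawns a suspended child (pid 2000) and rewrites the child's
# thread context.  The child's SetThreadContext on itself is a control case.
EVENTS = [
    {"pid": 1000, "type": "registry_read",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Locale",
     "data": "00000409"},
    {"pid": 1000, "type": "registry_read",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": ""},
    {"pid": 1000, "type": "http_request", "method": "GET",
     "url": "http://api.ipify.org/"},
    {"pid": 1000, "type": "http_request", "method": "GET",
     "url": "https://example.com/"},
    {"pid": 1000, "type": "api_call", "api": "CreateProcessW",
     "args": {"creation_flags": 0x00000004, "child_pid": 2000}},  # CREATE_SUSPENDED
    {"pid": 1000, "type": "api_call", "api": "WriteProcessMemory",
     "args": {"target_pid": 2000}},
    {"pid": 1000, "type": "api_call", "api": "SetThreadContext",
     "args": {"target_pid": 2000}},
    {"pid": 1000, "type": "api_call", "api": "ResumeThread",
     "args": {"target_pid": 2000}},
    {"pid": 2000, "type": "api_call", "api": "SetThreadContext",
     "args": {"target_pid": 2000}},
]


def _is_location_key(key):
    k = key.lower()
    return any(k.endswith(suffix) for suffix in LOCATION_KEYS)


def check_location_settings(events):
    """'Checks computer location settings': registry reads of locale/nation keys."""
    return [e for e in events
            if e["type"] == "registry_read" and _is_location_key(e["key"])]


def check_external_ip_lookup(events):
    """'Looks up external IP address via web service': requests to IP echo hosts."""
    hits = []
    for e in events:
        if e["type"] != "http_request":
            continue
        host = (urlsplit(e["url"]).hostname or "").lower()
        if host in IP_LOOKUP_HOSTS:
            hits.append(e)
    return hits


def check_setthreadcontext(events):
    """'Suspicious use of SetThreadContext': the caller rewrites a thread
    context in a *different* process, the hollowing step that sits between
    WriteProcessMemory and ResumeThread.  Calls on the caller's own threads
    are ignored, which is why the pid-2000 control event does not match."""
    return [e for e in events
            if e["type"] == "api_call" and e["api"] == "SetThreadContext"
            and e["args"].get("target_pid") not in (None, e["pid"])]


def locale_primary_language(locale_hex):
    """Decode the REG_SZ value of ...\\International\\Locale (an LCID written
    as 8 hex digits, e.g. '00000419') into its primary language ID: the low
    10 bits of the LCID.  0x09 is English, 0x19 Russian, 0x22 Ukrainian."""
    return int(locale_hex, 16) & 0x3FF


def run_signatures(events):
    """Map each report signature to the number of events that triggered it."""
    return {
        "Checks computer location settings": len(check_location_settings(events)),
        "Looks up external IP address via web service": len(check_external_ip_lookup(events)),
        "Suspicious use of SetThreadContext": len(check_setthreadcontext(events)),
    }


if __name__ == "__main__":
    for name, count in run_signatures(EVENTS).items():
        print(f"{count:>2}  {name}")
```

The SetThreadContext matcher deliberately keys on a cross-process target rather than on the API name alone: debuggers and some runtimes call it on their own threads, so matching every call would be noisy, while a call into a process that the caller just created suspended and wrote to is the pattern worth flagging.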

MITRE ATT&CK Enterprise v15

Tasks