General

  • Target

    c58dd3d488f98f2f3a033cf1e5d08dd9

  • Size

    534KB

  • Sample

    240313-lqwc8scb45

  • MD5

    c58dd3d488f98f2f3a033cf1e5d08dd9

  • SHA1

    9df35cfaa2e8030561eb7bf9a614a0479844fec9

  • SHA256

    4a19ce649f5056cc58e8facde71ef49d442c28fd308be131ecaa64ca1af93274

  • SHA512

    c4448568f6e43afdd0d98ef01af870fdb8969a85691994c55b4308b48f353bb205f2ffe8f3b194b0b1dba3f7c735fd93431bb7edbdc3899a458237c43d38e345

  • SSDEEP

    12288:hpK5q6LiSSGEjVZ266IQrXUhCuWG/O4TNVQu:hYbubOM

Malware Config

Extracted

Family

agenttesla

C2

http://180.214.239.67/k/p3c/inc/e8cc68c0649f72.php

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks