Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2768-7-0x0000000000530000-0x0000000000572000-memory.dmp

  • Size

    264KB

  • Sample

    240319-kbqzjaeg46

  • MD5

    e4d38994e2cbe87f68e2a4d66ae6bda3

  • SHA1

    a19b4c44fb3ee5dcc2718844fcad9ecf1065c987

  • SHA256

    7e361161ec5e450e2641e8be99511ad7bf923a5b20bc993be457fe3ccb632422

  • SHA512

    7384a42e180fdd695fc228c8c8fecc7bf0bb823bd847743af444ee8f9924213afd2d70c3f2ea985bc47a0ca7c1fd8127eec42d055db362880fe867ff2c38212a

  • SSDEEP

    3072:SOSt59h9e903l2e5QwXB1xq6Upu5ka+o9jP:Sft59h9e903lRXBrq6IA+U

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.jeepcommerce.rs
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    q[0r3BqZHV[u

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.jeepcommerce.rs
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    q[0r3BqZHV[u

Targets

    • Target

      2768-7-0x0000000000530000-0x0000000000572000-memory.dmp

    • Size

      264KB

    • MD5

      e4d38994e2cbe87f68e2a4d66ae6bda3

    • SHA1

      a19b4c44fb3ee5dcc2718844fcad9ecf1065c987

    • SHA256

      7e361161ec5e450e2641e8be99511ad7bf923a5b20bc993be457fe3ccb632422

    • SHA512

      7384a42e180fdd695fc228c8c8fecc7bf0bb823bd847743af444ee8f9924213afd2d70c3f2ea985bc47a0ca7c1fd8127eec42d055db362880fe867ff2c38212a

    • SSDEEP

      3072:SOSt59h9e903l2e5QwXB1xq6Upu5ka+o9jP:Sft59h9e903lRXBrq6IA+U

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks