General

  • Target

    New Order 3118.doc

  • Size

    1.7MB

  • Sample

    240328-h11txsch77

  • MD5

    7a24b565d557e96657a019e0c1b93865

  • SHA1

    b760ac2545af0df54ca335d18fa2df4280646881

  • SHA256

    d9c01464eccdd1f866bca7505ea879e1f8f54a151aa3c4cab946bbc99e1e46bb

  • SHA512

    051bc3b130367e113dd7c07579d4c9a9d5ea71f71ba4dd412e25e69fa54dc03f324150dcb88eeda4405562b5232b8bc9fa25826ee7cb2aa477e2591a2f17fdf5

  • SSDEEP

    24576:oiu8COb31WA6cg4Y2YkSAWeyPIplPzEwWuPRaWnAtTZDTaMB0W1Ln7QiMZLKmVwH:Q

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      New Order 3118.doc

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks