General

  • Target

    FACTURAS PENDIENTES.exe

  • Size

    736KB

  • Sample

    240410-tfrajage3y

  • MD5

    be5049954ae1360c7c73edc98c252948

  • SHA1

    347c475c80875dec8a84f6fbb70309e73f6c6036

  • SHA256

    912444aec56fd47f95d449249675e51f2b07da90934d486c0d91e148cec71567

  • SHA512

    8151efe7a2cbc5af735bd19eae31398ffae0fa19d97991903005c2d0d39e112285c4ea1ccc336429d293a29716d5df38439a1f43caac8f9d4f8fc9991acb89f1

  • SSDEEP

    12288:SydzjtuEA9MsXWyiXiP9tyy2mFYauVJhsM4DZ264KuinZ5F0y65u:SydzB+7XxiXYt12mFYauVjcF2KtnZINw

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6840869330:AAEZ4yOJb6l9YkHVol7BaSnML2_yNUN78Xg/

Targets

    • Target

      FACTURAS PENDIENTES.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Windows security modification

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks