General

  • Target

    e-dekont_html.scr.exe

  • Size

    1.0MB

  • Sample

    240416-slqeradb99

  • MD5

    abc774f48c2e514bde4ba275a4314b4a

  • SHA1

    141d5d859afb0340302bd4ee2ca2be9493f39804

  • SHA256

    fad3e7058eb2fa88ce97e62a6a243748d6736f9c4e21e4112ed61a40813588b2

  • SHA512

    3d2158afab276197313827e33bf25302b623fbf69a48892fcceb69c50690bf6bf9e7047ab18870030259bdb34d9b3fa7a32552a6964698f354e03ae531978065

  • SSDEEP

    24576:kp7jSc9duaYoRV9ii5nHMAXJ2LiMOxckwle5O4i:sGc9VTntVXJKiu

Malware Config

Extracted

Family

agenttesla


Credentials

  • Protocol:
    smtp
  • Host:
    cp8nl.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#$

Targets

    • Target

      e-dekont_html.scr.exe

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT), typically built in Visual Basic .NET. It harvests saved credentials from browsers, email and FTP clients and sends them to the operator; in this sample the exfiltration channel is the SMTP account extracted above.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in unwanted regions.

    • Reads WinSCP keys stored on the system

      Tries to read WinSCP's stored sessions, which can contain saved host credentials.

    • Reads data files stored by FTP clients

      Tries to read configuration files of FTP clients such as FileZilla, which store saved server logins.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, a common infostealer target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common way to redirect execution into injected code, as in process hollowing.
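The behaviours listed above, together with the SMTP exfiltration account extracted earlier, form a pattern that can be correlated on an endpoint: one process that sweeps several unrelated credential stores and then opens a connection on port 587. The following Python is added here as an example; it is not tria.ge code and not Agent Tesla code. The event format (timestamp|pid|image|kind|target), the process IDs, the user name and the sample lines are constructed. The WinSCP sessions key, the Geo\Nation key and the FileZilla, Thunderbird and Chrome paths are the locations those programs actually use; the Outlook and Firefox patterns are assumptions not observed in this report.

```python
"""Correlate endpoint telemetry into the infostealer pattern this report describes.

Added example for this report; not tria.ge code and not Agent Tesla code.
It models the signatures above: a registry lookup of the configured country
(geofence), reads of WinSCP/FTP/email/browser credential stores, and an outbound
connection to the extracted SMTP exfil host on port 587. The event format
(timestamp|pid|image|kind|target) and the sample lines are constructed here.
"""
import re
from collections import defaultdict

# Paths and registry keys the report's signatures refer to. Patterns are
# regexes over Windows paths, hence the doubled backslashes.
CATEGORIES = {
    "geofence": [r"HKCU\\Control Panel\\International\\Geo\\Nation"],
    "winscp": [r"HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions"],
    "ftp_client": [r"\\FileZilla\\(sitemanager|recentservers)\.xml$"],
    "email_client": [
        r"\\Thunderbird\\Profiles\\",
        r"HKCU\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles",  # assumption
    ],
    "browser": [
        r"\\Google\\Chrome\\User Data\\.*\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db)$",  # assumption
    ],
}
CRED_STORES = {"winscp", "ftp_client", "email_client", "browser"}
EXFIL_PORT = 587  # SMTP submission port from the extracted config

EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\|(?P<pid>\d+)\|(?P<image>[^|]+)\|"
    r"(?P<kind>RegQuery|FileRead|NetConnect)\|(?P<target>.+)$"
)

# Constructed sample telemetry: the report's sample (pid 4120) plus two benign
# programs that legitimately touch one credential store each.
SAMPLE_EVENTS = r"""
2024-04-16T09:12:01|4120|C:\Users\victim\Downloads\e-dekont_html.scr.exe|RegQuery|HKCU\Control Panel\International\Geo\Nation
2024-04-16T09:12:02|4120|C:\Users\victim\Downloads\e-dekont_html.scr.exe|RegQuery|HKCU\Software\Martin Prikryl\WinSCP 2\Sessions
2024-04-16T09:12:02|4120|C:\Users\victim\Downloads\e-dekont_html.scr.exe|FileRead|C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml
2024-04-16T09:12:03|4120|C:\Users\victim\Downloads\e-dekont_html.scr.exe|FileRead|C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc123.default\logins.json
2024-04-16T09:12:03|4120|C:\Users\victim\Downloads\e-dekont_html.scr.exe|FileRead|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
2024-04-16T09:12:05|4120|C:\Users\victim\Downloads\e-dekont_html.scr.exe|NetConnect|cp8nl.hyperhost.ua:587
2024-04-16T09:12:06|2208|C:\Program Files\Google\Chrome\Application\chrome.exe|FileRead|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
2024-04-16T09:12:07|3312|C:\Program Files\FileZilla FTP Client\filezilla.exe|FileRead|C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml
2024-04-16T09:12:08|3312|C:\Program Files\FileZilla FTP Client\filezilla.exe|NetConnect|ftp.example.com:21
"""


def parse_events(lines):
    """Yield parsed event dicts, skipping blank or malformed lines."""
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            yield m.groupdict()


def classify(target):
    """Map a file path or registry key to a category name, or None."""
    for cat, patterns in CATEGORIES.items():
        if any(re.search(p, target, re.IGNORECASE) for p in patterns):
            return cat
    return None


def correlate(lines):
    """Group events by pid: categories touched and destinations on the SMTP port."""
    procs = defaultdict(lambda: {"image": None, "categories": set(), "exfil_hosts": []})
    for ev in parse_events(lines):
        rec = procs[ev["pid"]]
        rec["image"] = ev["image"]
        if ev["kind"] == "NetConnect":
            host, _, port = ev["target"].rpartition(":")
            if port.isdigit() and int(port) == EXFIL_PORT:
                rec["exfil_hosts"].append(host)
        else:
            cat = classify(ev["target"])
            if cat:
                rec["categories"].add(cat)
    return procs


def verdicts(lines):
    """Flag a process that reads two or more distinct credential stores.

    One store is normal (a browser reads its own Login Data); a single process
    sweeping several unrelated stores is the infostealer pattern. A connection
    on the SMTP port from the same process upgrades the verdict.
    """
    out = {}
    for pid, rec in correlate(lines).items():
        stores = rec["categories"] & CRED_STORES
        if len(stores) < 2:
            continue
        out[pid] = {
            "image": rec["image"],
            "level": "infostealer+exfil" if rec["exfil_hosts"] else "infostealer",
            "stores": stores,
            "geofence": "geofence" in rec["categories"],
            "exfil_hosts": rec["exfil_hosts"],
        }
    return out


if __name__ == "__main__":
    for pid, v in verdicts(SAMPLE_EVENTS.splitlines()).items():
        print(pid, v["image"], v["level"], sorted(v["stores"]), v["exfil_hosts"])
```

On the constructed input only pid 4120 is flagged: chrome.exe and filezilla.exe each touch a single store, which is their normal behaviour, while the sample hits four stores plus the geofence key and then connects to the extracted SMTP host. The two-store threshold is the design choice that keeps those benign readers out; a real deployment would also allowlist the SMTP destinations a host is expected to use.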
