
General

  • Target

    dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c

  • Size

    666KB

  • Sample

    240417-ry24msdg7w

  • MD5

    f2b9d62c09ab2759b02b99e5c029370e

  • SHA1

    20527a71b9ee37753dcce46468d75cc33fb5c704

  • SHA256

    dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c

  • SHA512

    cb6c62b763d21597d25307720f05bf5ec25618246c87cf45953e78409323e0650167c894638e531f3f3111b41ba5de78805d751c4bf154622565fc060b43ef61

  • SSDEEP

    12288:DrnQwGSi8q0gYd+3DDuFcUa5j8Obo67zIdlakurXMgKgw6UnGbeN7BBgIqQGs/MZ:DzGSi8q7mYDupa5j8H6fIdQRX9FUseBe

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5935236817:AAFQXd5DfJIspEP49cvtN8EkM-g0qi2ZyW8/
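The extracted C2 is a Telegram Bot API endpoint, which Agent Tesla uses as one of its exfiltration channels (the bot token embedded in the URL is the attacker's credential; the numeric part before the colon is the bot ID). As an added example, not part of the tria.ge report, the Python below parses that URL into bot ID and secret, redacts the secret so the IOC can be shared in a ticket, and scans a few constructed proxy-log lines for traffic to this bot and, more generally, for any Bot API call from a non-browser process. The log format, the process names in the sample log and the browser allowlist are assumptions.

```python
import re
from urllib.parse import urlsplit

# C2 URL as extracted by the sandbox from this sample's Agent Tesla config.
C2_URL = "https://api.telegram.org/bot5935236817:AAFQXd5DfJIspEP49cvtN8EkM-g0qi2ZyW8/"

# Telegram Bot API paths have the form /bot<bot_id>:<secret>/<method>.
# Agent Tesla's Telegram exfiltration posts stolen data with sendDocument.
_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)(?:/(?P<method>\w+))?/?$"
)

# Processes allowed to reach the Bot API without a generic alert.
# Assumption for this example; tune to the environment.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}


def parse_telegram_bot_url(url):
    """Return (bot_id, secret, method) for a Telegram Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    return m.group("bot_id"), m.group("secret"), m.group("method")


def redact_token(url):
    """Keep the bot id (a stable IOC) but hide the secret, so the URL can be
    shared without handing every reader control of the attacker's bot."""
    parsed = parse_telegram_bot_url(url)
    if parsed is None:
        return url
    _, secret, _ = parsed
    return url.replace(secret, secret[:4] + "[redacted]")


# Constructed proxy log (not from the report): timestamp host process verb url.
# The second line models the sample's exfiltration call; the others are noise
# and a benign-looking Bot API call from a browser.
SAMPLE_PROXY_LOG = """\
2024-04-17T12:00:01Z ws01 chrome.exe GET https://www.google.com/
2024-04-17T12:00:05Z ws01 ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe POST https://api.telegram.org/bot5935236817:AAFQXd5DfJIspEP49cvtN8EkM-g0qi2ZyW8/sendDocument
2024-04-17T12:00:06Z ws02 outlook.exe GET https://outlook.office365.com/
2024-04-17T12:00:40Z ws02 chrome.exe GET https://api.telegram.org/bot222222:BBBBBBBBBBBBBBBBBBBB/getMe
2024-04-17T12:01:10Z ws03 update.exe POST https://api.telegram.org/bot111111:AAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage
"""


def scan_proxy_log(log_text, known_bot_ids=()):
    """Return (verdict, host, process, api_method) tuples.

    'known_c2'    -> bot id matches one extracted from a malware config
    'generic_bot' -> any other Bot API call from a non-browser process
    """
    known = set(known_bot_ids)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line; a real pipeline would count these
        _ts, host, image, _verb, url = fields
        parsed = parse_telegram_bot_url(url)
        if parsed is None:
            continue
        bot_id, _secret, api_method = parsed
        if bot_id in known:
            hits.append(("known_c2", host, image, api_method))
        elif image.lower() not in BROWSERS:
            hits.append(("generic_bot", host, image, api_method))
    return hits


if __name__ == "__main__":
    bot_id, _, _ = parse_telegram_bot_url(C2_URL)
    print("bot id:", bot_id, "->", redact_token(C2_URL))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, known_bot_ids={bot_id}):
        print(*hit)
```

The bot ID is the part worth pivoting on: an operator can rotate the secret by regenerating the token, but the numeric ID stays with the bot, so hunting on it survives that. Blocking api.telegram.org outright is often not acceptable, which is why the generic rule keys on the calling process rather than the host alone.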

Targets

    • Target

      ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe

    • Size

      747KB

    • MD5

      ec6e0608754df82d29771061ba8e5bb0

    • SHA1

      87be8fef2e23ad39099fbfbea85f9778d0b597ad

    • SHA256

      ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a

    • SHA512

      4ba4dfee9dc84fdf01ef8b4791597bf49b90e8cd561aaf4340b29bb955967b610e5f230c10e8cce723a278daba65987929ae54fd2468ee000d2ed76d58846a7a

    • SSDEEP

      12288:JyRAYQ4LsQw/1sX75cPblhP4JoqfRR+bMXQb2wCWbF612k+NFQ1jt8TFpWO7j94+:+AC+/1G5cPJhQeqfT+bMXQb2Qjc1ju/8

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it harvests credentials and keystrokes and exfiltrates them over channels such as SMTP, FTP or, as here, the Telegram Bot API.

    • Checks computer location settings

      Reads the country/region code configured in the registry, likely as a geofence check to avoid running on systems in certain locales.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calls SetThreadContext on a thread in another process, the pattern used by process hollowing / RunPE-style injection to redirect execution into a payload written into that process.

MITRE ATT&CK Enterprise v15

Tasks