General

  • Target

    Purchase Order No.P7696úPDF.scr.exe

  • Size

    272KB

  • Sample

    240430-kd568sgc86

  • MD5

    44da2db8ae227ad85e96425a0a79aefa

  • SHA1

    6edcfbabed09c4263b448621ac2f79ea866d2cea

  • SHA256

    58cba3ae490d7976c71d82d55fb49d381223b79171d05ef737d5c907f3723417

  • SHA512

    73a6cb201f1ff258c6fdb92a98b5917bb08b687078dde3cbb553cd78f937d0d67ec25620a149681a7a76bfbd8989363c41477d68aa5ebf65564d38289f4df0ab

  • SSDEEP

    6144:QCmBE08tYLuZaEBrdm4Vz0RpppppppppppppppppppppppppppppV:TmBABrdm4Vz0Rppppppppppppppppppf
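The target name in this report is a classic lure: a business-document name ("Purchase Order", "PDF") ending in a double executable extension (.scr.exe) with a non-ASCII character in the middle. The following heuristic triage of attachment names is an added example, not part of the tria.ge report; the extension and document-token lists are assumptions for illustration, and the sample names other than the report's own target are constructed.

```python
import re
import unicodedata

# Extensions Windows executes directly when opened (assumed list for this example).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "hta", "msi", "ps1", "lnk"}
# Words that make a name look like a harmless business document (assumed list).
DOC_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx", "invoice", "order",
              "purchase", "receipt", "quotation", "statement"}
RTLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, used to visually reverse the real extension


def analyze_filename(name: str) -> dict:
    """Heuristic triage of an attachment name; returns the reasons found and a verdict."""
    reasons = []
    lowered = name.lower()
    parts = lowered.split(".")
    exts = parts[1:]                      # every dot-separated piece after the stem
    final_ext = exts[-1] if exts else ""  # the extension Windows actually honours
    body = lowered.rsplit(".", 1)[0]      # the name without that real extension

    if final_ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{final_ext}")
    # e.g. ".scr.exe": a second executable extension right before the real one
    if len(exts) >= 2 and exts[-2] in EXECUTABLE_EXTS:
        reasons.append("double executable extension ." + ".".join(exts[-2:]))
    # Document words in the name while the file is executable
    doc_hits = sorted(DOC_TOKENS & set(re.findall(r"[a-z]+", body)))
    if doc_hits and final_ext in EXECUTABLE_EXTS:
        reasons.append("document-like name (" + ", ".join(doc_hits) + ") with executable extension")
    if RTLO in name:
        reasons.append("right-to-left override character hides the true extension")
    # Non-ASCII letters in what claims to be a business document (the report's target has one)
    non_ascii = sorted({c for c in name if ord(c) > 127 and c != RTLO})
    if non_ascii:
        reasons.append("non-ASCII characters: " + ", ".join(unicodedata.name(c, "?") for c in non_ascii))

    return {
        "name": name,
        "final_ext": final_ext,
        "reasons": reasons,
        # A bare .exe is not a lure by name alone; require the executable
        # extension plus at least one disguise technique.
        "suspicious": final_ext in EXECUTABLE_EXTS and len(reasons) > 1,
    }


if __name__ == "__main__":
    # Constructed inputs; the first is the target name from the report above.
    for candidate in ["Purchase Order No.P7696úPDF.scr.exe", "report.pdf",
                      "setup.exe", "photo\u202egnp.exe"]:
        verdict = analyze_filename(candidate)
        print(verdict["suspicious"], candidate, verdict["reasons"])
```

The verdict is deliberately conservative: a plain `setup.exe` is executable but not disguised, so it is left for policy (attachment blocking) rather than flagged as a lure.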

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      Purchase Order No.P7696úPDF.scr.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. Benign software does this too, so on its own it is a supporting indicator rather than a conclusive one; the process making the request is what matters.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (usually suspended) thread; injectors use it to point a hollowed or newly created process at their own code before resuming it.
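The "Looks up external IP address via web service" signature is most useful when correlated with the requesting process, since browsers legitimately contact the same services. The detection below runs that correlation over proxy log lines and is an added example, not part of the tria.ge report or its signature logic. The watchlist of lookup hosts, the expected-process list, and the pipe-separated log layout are assumptions; the sample log lines are constructed (the process name in two of them is the report's own target file name).

```python
import re
from collections import defaultdict

# Public IP-lookup services (assumed watchlist; these names are not from the report,
# extend it from your own telemetry).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me",
    "ipinfo.io", "ip-api.com", "checkip.amazonaws.com", "api.ip.sb",
}
# Processes for which an external-IP lookup is expected; anything else is worth a look.
EXPECTED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

# Assumed log layout (pipe-separated): timestamp|client|process|destination host|status
LOG_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<client>[^|]+)\|(?P<proc>[^|]+)\|(?P<host>[^|]+)\|(?P<status>\d{3})$"
)

# Constructed sample lines, not real telemetry.
SAMPLE_LOG = """\
2024-04-30T09:41:02Z|WS-117|chrome.exe|www.example.com|200
2024-04-30T09:41:10Z|WS-117|chrome.exe|api.ipify.org|200
2024-04-30T09:52:44Z|WS-203|Purchase Order No.P7696úPDF.scr.exe|api.ipify.org|200
2024-04-30T09:52:45Z|WS-203|Purchase Order No.P7696úPDF.scr.exe|api.ipify.org|200
2024-04-30T10:03:01Z|WS-318|svchost.exe|checkip.dyndns.org|200
2024-04-30T10:04:00Z|WS-318|svchost.exe|www.example.com|200
this line is malformed and must be skipped
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_ip_lookups(lines):
    """Group external-IP lookups by (client, process), dropping expected browser traffic."""
    hits = defaultdict(lambda: {"count": 0, "hosts": set(), "first_seen": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["host"].lower() not in IP_LOOKUP_HOSTS:
            continue
        if rec["proc"].lower() in EXPECTED_PROCESSES:
            continue  # a browser asking for its public IP is normal
        entry = hits[(rec["client"], rec["proc"])]
        entry["count"] += 1
        entry["hosts"].add(rec["host"].lower())
        if entry["first_seen"] is None:
            entry["first_seen"] = rec["ts"]
    # One alert per client/process pair, sorted for stable output
    return [
        {"client": client, "process": proc, "count": e["count"],
         "hosts": sorted(e["hosts"]), "first_seen": e["first_seen"]}
        for (client, proc), e in sorted(hits.items())
    ]


if __name__ == "__main__":
    for alert in detect_ip_lookups(SAMPLE_LOG.splitlines()):
        print(alert)
```

The grouping matters in practice: a stealer often retries the lookup, so a count greater than one from a non-browser process on a workstation is a stronger signal than a single hit, and the first-seen timestamp gives the pivot point for the rest of the investigation.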

MITRE ATT&CK Enterprise v15

Tasks