Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    TEST.VBS

  • Size

    30KB

  • Sample

    240501-g9esdaaa6s

  • MD5

    79cde2afc7c9728e06e97accc2dab261

  • SHA1

    f9f713f4ad8ce8509bea6607f1ee72be31e9fd5a

  • SHA256

    197d20a18f051870a4e9f523c527f7afa090e0ffc601004866fd2f6b3e65eba1

  • SHA512

    2f1043c89fab2b0a0ee580ebf019dfe0b99f6b9a9c372d156133061c38486a2f9d8a5d197483056475df45d3cc9a8e21be9468fa1cfbb2e0d0e44428d1e62bf4

  • SSDEEP

    768:qLArydgFfQ4+RtZI4BNoNzgiISkDGXeKpUaWNxHNs16h4:qsryoF

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.folder.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    xgkFQ6fqqo}J

Targets

    • Target

      TEST.VBS

    • Size

      30KB

    • MD5

      79cde2afc7c9728e06e97accc2dab261

    • SHA1

      f9f713f4ad8ce8509bea6607f1ee72be31e9fd5a

    • SHA256

      197d20a18f051870a4e9f523c527f7afa090e0ffc601004866fd2f6b3e65eba1

    • SHA512

      2f1043c89fab2b0a0ee580ebf019dfe0b99f6b9a9c372d156133061c38486a2f9d8a5d197483056475df45d3cc9a8e21be9468fa1cfbb2e0d0e44428d1e62bf4

    • SSDEEP

      768:qLArydgFfQ4+RtZI4BNoNzgiISkDGXeKpUaWNxHNs16h4:qsryoF

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks