General

  • Target

    5e367e602750bb9f6815450f43c4c36ae9734730835839ec85b9ef2b926f16ee

  • Size

    690KB

  • Sample

    240505-bkm5kada54

  • MD5

    b482f2939a99aa59a86f1897ae6a259f

  • SHA1

    a6785b567dcd1f65785cc26c4e7c5d58884b5e3f

  • SHA256

    5e367e602750bb9f6815450f43c4c36ae9734730835839ec85b9ef2b926f16ee

  • SHA512

    a31a68e29f5ed846fc266ef4fa8b470af686ab7566c1854475685428f9a87995c479355106f554e075560f207c70bea1870133376f81c117d5d30d2ba1596c8c

  • SSDEEP

    12288:0YV6MorX7qzuC3QHO9FQVHPF51jgc++he0u2Y/ygAkcCMBM:zBXu9HGaVHRhe9ygjZ

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    }7A;Adw^&~wE

Targets

    • Target

      5e367e602750bb9f6815450f43c4c36ae9734730835839ec85b9ef2b926f16ee

    • Size

      690KB

    • MD5

      b482f2939a99aa59a86f1897ae6a259f

    • SHA1

      a6785b567dcd1f65785cc26c4e7c5d58884b5e3f

    • SHA256

      5e367e602750bb9f6815450f43c4c36ae9734730835839ec85b9ef2b926f16ee

    • SHA512

      a31a68e29f5ed846fc266ef4fa8b470af686ab7566c1854475685428f9a87995c479355106f554e075560f207c70bea1870133376f81c117d5d30d2ba1596c8c

    • SSDEEP

      12288:0YV6MorX7qzuC3QHO9FQVHPF51jgc++he0u2Y/ygAkcCMBM:zBXu9HGaVHRhe9ygjZ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
