General

  • Target

    New Point of Contact for Corporate Courier Account - DHL.exe

  • Size

    729KB

  • Sample

    240507-dmx4nafd51

  • MD5

    801a0fcfdb264aabe346da570d1dd14b

  • SHA1

    f3b368a2972b5ab0f75f9fd48cdb44c1f6e0dc4f

  • SHA256

    566368d997e93866144f269b23a33a54d910e01c6723ea141bdf88bd9202f31a

  • SHA512

    f87d777b9c8bf8a0c22be8f801c5370ae4b5bdffa18ef155f24608d283c0aa99c2d3c033b9d48ed28a26ae73fc866d02922646b9fccc876ac1d119a8f4cdf866

  • SSDEEP

    12288:6NBwhSKlOxCWjFxRZV7PE4d+W/C1M2Q9FGpOUxHtYyN5P/SHPkR:cwtWjFxRZV7c+jsFUFtUxtYyniHK

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks