General

  • Target: b8d6ff46309ca17651ebe70e1b648b5266b1285b132d1e6894a589c0f852c583.jar
  • Size: 137KB
  • Sample: 240510-kqj5jadd8w
  • MD5: f369579943b1b2eb99f181bfd1ec9ee1
  • SHA1: 8542615dc9549a829fd4083c4d92008b61611ed3
  • SHA256: b8d6ff46309ca17651ebe70e1b648b5266b1285b132d1e6894a589c0f852c583
  • SHA512: f179f636582f1a9afef6c3328d7b430b51572429c655c96a6c642b4e5b5dcf59f089a97c2f6e7a630433d1620cde78781aa09c66eda28ea38f5a1d03021508ba
  • SSDEEP: 3072:9iwxL5G6715nxCz9e0/A2n1MzfbBMYy1+j93JyOc0kp4/AbUw4/p:LxFG67TxC9/ASiDScJy4qbUw0

Malware Config

Extracted

  • Family: agenttesla
  • C2: https://api.telegram.org/bot6921829812:AAEnJSJNfX1IyXT3BfHBFaRrW9XkEjVZMFs/

Targets

    • Target: ORDER_INQUIRY_PDF.exe
    • Size: 236KB
    • MD5: 83e8748124bf874c784ce28d0dcd33f6
    • SHA1: 72006aa1d15993cdaa5790f49acbfea0da3ed726
    • SHA256: c11bc6cda3987c89debad64d01c2e8d425d809e45db19c46d826f944891c1efe
    • SHA512: d6ccc82440201f96903e274959c78dbd44f95681294d1a55426063eb2f14fc17c5301171a7b401e5e2e44d19a6cc366372e2275c358832eed52f3aafd0058085
    • SSDEEP: 6144:4du7zrlg25KFpMXp58+DDqFnvhydhcoKQ:frowXDDQ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext