General

  • Target

    6ac999a2ef584acc00e14f5e3359b15a9f1edffd22501de55cc1403de3603d18

  • Size

    643KB

  • Sample

    240511-kkn7ashe3t

  • MD5

    484e3d0aa5a64897a0d316a7b38239eb

  • SHA1

    71965a4bb45c5214e8c2681828ad12c8851051fe

  • SHA256

    6ac999a2ef584acc00e14f5e3359b15a9f1edffd22501de55cc1403de3603d18

  • SHA512

    55bd3b5b12d5b7ca70529b239ceee105d53a2a0e40501cd01cf4093a101598928d3a45f3440f558996dbff531581c17b24fefc7e2e71fd7f59767c82dae2487e

  • SSDEEP

    12288:Km2BR19GHdqGv6w+v16//3jo+L66bPXN9AIWRPHfWFVyVUeyP4BVwz+CY:KmU1uqGiBvw/3jO6bojF/+IVUeyP6GnY

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6698844298:AAF9oR0Jf7k4zXD2nMFwUYBsEQgGIs_Be9c/

Targets

    • Target

      d54fdb5d73a15239d0d6f187dbf737cb1f5efa584c92b37d1ad64b8e076045c7.exe

    • Size

      1.1MB

    • MD5

      9270383983cd04e811a7caa8a4ee5f5b

    • SHA1

      97412ef26cbd4745b15d6e41dba416103fc98924

    • SHA256

      d54fdb5d73a15239d0d6f187dbf737cb1f5efa584c92b37d1ad64b8e076045c7

    • SHA512

      e806337642a270962193c535ca8f463bab2bb711576dde877039798ee20952d96df0c6d42c6d51e71ace83375c17e3fcd5eb83587651ec9cbf4b5b48278a39a1

    • SSDEEP

      24576:OqDEvCTbMWu7rQYlBQcBiT6rprG8asC6NRh:OTvC/MTQYxsWR7asJP

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks