General

  • Target: d23d7720e102defe044a98f19b42fd6e94ef0bd607f01270f4957db595051114
  • Size: 663KB
  • Sample: 240516-bf9srsdc21
  • MD5: d82c117b3945a7f976355b6dc36a5162
  • SHA1: 44c2659ae7a7e97fdb2f51b7ee3082b183e59afd
  • SHA256: d23d7720e102defe044a98f19b42fd6e94ef0bd607f01270f4957db595051114
  • SHA512: 663d59966422b8fe6ff1104465f0911d67d2274c8820ba643228a0a802065a33e5a5abf82e38829148c6d271f27eb45af1d6a0444c1155fb527500aa1905debd
  • SSDEEP: 12288:PoFgYKpHNpEYGkK55kPLB2pMi7WftzxSvNPOT7VNT3PJrdzb4BDwN:4gYKpHjFBK50L0ZE9yNINT3PJRP4w

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: d23d7720e102defe044a98f19b42fd6e94ef0bd607f01270f4957db595051114

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential/information stealer written in Visual Basic .NET.

    • UAC bypass

    • Windows security bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the payload and its drop locations are no longer scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check that decides whether the sample continues on this host.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

      Setting another thread's context is the step in process hollowing that redirects a suspended process to injected code; on its own it is a heuristic, not proof of injection.
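
Of the behaviours listed above, the Defender tampering is the one most worth turning into detection logic. The following Python is an added example, not code from the tria.ge report or from the sample: it scans process-creation command lines (the four sample lines are constructed for this example) for Add-MpPreference/Set-MpPreference calls, resolves PowerShell's partial parameter names, and unwraps -EncodedCommand payloads before matching. The cmdlet and parameter names are Defender's real ones; the function names, the Finding record and the sample lines are assumptions of this example.

```python
"""Flag PowerShell command lines that weaken Microsoft Defender.

Added example, not code from the tria.ge report or from the sample. Input is
one process-creation command line (Sysmon Event ID 1 / Security 4688 style;
the lines below are constructed). Output is every Add-/Set-MpPreference
parameter that adds an exclusion or switches a protection feature off.
"""
import base64
import binascii
import re
from dataclasses import dataclass

# Real Defender cmdlet parameters and what each one weakens.
WEAKENING_PARAMS = {
    "exclusionpath": "path excluded from scanning",
    "exclusionextension": "file extension excluded from scanning",
    "exclusionprocess": "process excluded from scanning",
    "disablerealtimemonitoring": "real-time protection off",
    "disablebehaviormonitoring": "behaviour monitoring off",
    "disableioavprotection": "download/attachment scanning off",
    "disablescriptscanning": "script scanning off",
    "mapsreporting": "cloud (MAPS) reporting changed",
    "submitsamplesconsent": "sample submission changed",
}

# Add-/Set-MpPreference plus its arguments, up to the next *-MpPreference
# cmdlet, a statement separator, or end of text. Get-/Remove-MpPreference
# are not tampering and only act as terminators here.
CMDLET_RE = re.compile(
    r"\b((?:Add|Set)-MpPreference)\b(.*?)"
    r"(?=\b(?:Add|Set|Get|Remove)-MpPreference\b|[;\r\n]|$)",
    re.IGNORECASE | re.DOTALL,
)
TOKEN_RE = re.compile(r'"[^"]*"|\'[^\']*\'|\S+')


@dataclass(frozen=True)
class Finding:
    cmdlet: str
    parameter: str   # canonical (lower-case) parameter name
    effect: str
    values: tuple
    decoded: bool    # True when found inside an -EncodedCommand payload


def _tokens(text: str) -> list:
    """Whitespace split that keeps quoted strings together and drops the quotes."""
    return [t.strip("\"'") for t in TOKEN_RE.findall(text)]


def _resolve(name: str):
    """Map a full or partial parameter name to a WEAKENING_PARAMS key.

    PowerShell accepts any unambiguous prefix, so -ExclusionPa resolves but
    -ExclusionP (path or process?) does not, and -Force is not ours at all.
    """
    name = name.lower()
    hits = [k for k in WEAKENING_PARAMS if k.startswith(name)]
    return hits[0] if len(hits) == 1 else None


def _is_encoded_switch(tok: str) -> bool:
    """powershell.exe accepts -e, -ec, -enc, ... up to -EncodedCommand."""
    if not tok.startswith(("-", "/")):
        return False
    name = tok[1:].lower()
    return name in ("e", "ec") or (len(name) >= 3 and "encodedcommand".startswith(name))


def _decode_encoded_command(b64: str):
    """-EncodedCommand carries base64 of the UTF-16LE script text."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16le")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def _scan_text(text: str, decoded: bool) -> list:
    findings = []
    for m in CMDLET_RE.finditer(text):
        cmdlet, toks = m.group(1), _tokens(m.group(2))
        i = 0
        while i < len(toks):
            if not toks[i].startswith("-"):
                i += 1
                continue
            key = _resolve(toks[i][1:].rstrip(":"))
            i += 1
            values = []
            while i < len(toks) and not toks[i].startswith("-"):
                values.extend(v for v in toks[i].split(",") if v)  # e.g. exe,scr
                i += 1
            if key is not None:
                findings.append(Finding(cmdlet, key, WEAKENING_PARAMS[key], tuple(values), decoded))
    return findings


def analyze_command_line(line: str) -> list:
    """Return every Defender-weakening parameter found in one command line."""
    findings = _scan_text(line, decoded=False)
    toks = _tokens(line)
    for i, tok in enumerate(toks[:-1]):
        if _is_encoded_switch(tok):
            script = _decode_encoded_command(toks[i + 1])
            if script is not None:
                findings.extend(_scan_text(script, decoded=True))
    return findings


# Constructed sample command lines (not taken from the report's sandbox run).
SAMPLE_COMMAND_LINES = [
    # exclusions for a path, extensions and a process, as the signature describes
    r'powershell.exe -NoP -W Hidden Add-MpPreference -ExclusionPath "C:\Users\Public\Libraries" '
    r'-ExclusionExtension exe,scr -ExclusionProcess RegSvcs.exe',
    # partial parameter name inside a -Command string
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Set-MpPreference -DisableRealtimeM $true"',
    # the same cmdlet hidden behind -enc (base64 built here for the example)
    "powershell.exe -enc "
    + base64.b64encode("Add-MpPreference -ExclusionPath $env:APPDATA".encode("utf-16le")).decode(),
    # benign: reading preferences and removing an exclusion
    r"powershell.exe Get-MpPreference; Remove-MpPreference -ExclusionPath C:\Temp",
]

if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        for f in analyze_command_line(line):
            where = "encoded" if f.decoded else "plain"
            print(f"{f.cmdlet} -{f.parameter} {','.join(f.values)}  [{f.effect}; {where}]")
```

Run against the constructed lines it reports three exclusions on the first, the partial -DisableRealtimeM on the second, the path exclusion recovered from the -enc payload on the third, and nothing on the benign fourth. Matching only Add-/Set-MpPreference keeps Remove-MpPreference cleanups out of the alert, and resolving prefixes matters because the shortened forms are what tooling that only greps for "-ExclusionPath" misses.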

MITRE ATT&CK Enterprise v15

Tasks