General

  • Target

    c38004d64527485b578d23cece3566ae.bin

  • Size

    333KB

  • Sample

    240516-dsvkqaab28

  • MD5

    4f61eeb74cff7e8f5f40796066285276

  • SHA1

    39e341ebea6e85e2883c509d2331c2e267c623f7

  • SHA256

    de8e0a641f0d9766a2070075977f173540d308d4bd9891ed79886f1d3946c692

  • SHA512

    6b89d202d74c7b174d2310c0b676856ac010fcf780cfda9e9d6f269c15bc6004e8370c6f12f0849f4c9cb879b2a0af31a8ffacdf4383825ce96c7f4575a48233

  • SSDEEP

    6144:31Ju3cWoTiBUiU0nZhe6CkaAlBqLEF9/JibZDQB/I8xw7yLuntwtBHxQYkjwU:31JgF6iLHO1k5y4FyZsdb+O5txxNy3

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      9b6fc00623210be4340042bb63c2e7d674cb62de15d8d296ac93a6ad57e78984.exe

    • Size

      505KB

    • MD5

      c38004d64527485b578d23cece3566ae

    • SHA1

      765cb217e0da4d242359b4dd6b96adb7872a9c16

    • SHA256

      9b6fc00623210be4340042bb63c2e7d674cb62de15d8d296ac93a6ad57e78984

    • SHA512

      6f9188649985313fa4017ee36dc2bb9a77b564df3168053847bc44414eb1e24f20c43d8bbda6bbb5fdc3d968da7429decd8303e45b37bae9dd9261cd48227975

    • SSDEEP

      12288:QccV48SQpcAMxZs1W05ICMDdmFeyZ4fa:zh8SQpc01W0cQZ4fa

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests saved credentials from browsers, email clients and other applications and exfiltrates them to an attacker-controlled endpoint.

    • Reads user/profile data of local email clients

      Email clients keep profile data and saved account credentials on disk, where infostealers routinely harvest them.

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread. Called against a process created suspended, after WriteProcessMemory has replaced its image, it redirects execution into the injected payload: the process-hollowing pattern, and the usual reason a sandbox flags this call.
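
As an added example (not tria.ge code and not part of this report), the following Python scores an API-call trace for the four behaviours listed above: the SetThreadContext chain that makes up process hollowing, reads of email-client and browser profile data, and the external-IP lookup. The trace format, the profile-path fragments, the lookup-host list and the ATT&CK mapping are my assumptions; the embedded trace is constructed to resemble this sample's behaviour and is not sandbox output.

```python
"""Score an API-call trace for the behaviours listed in this report (added example,
not tria.ge code). Trace format, indicator lists and ATT&CK mapping are assumed."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # CreateProcess dwCreationFlags bit

# Assumed indicator lists: typical profile locations and IP-lookup services, not from the report.
EMAIL_PROFILE_DIRS = (r"\thunderbird\profiles", r"\microsoft\outlook", r"\foxmail")
BROWSER_PROFILE_DIRS = (r"\google\chrome\user data", r"\mozilla\firefox\profiles",
                        r"\microsoft\edge\user data", r"\opera software")
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com", "ipinfo.io"}

# My ATT&CK Enterprise mapping for each detection; the report's own table is not reproduced here.
ATTACK = {
    "process_hollowing": "T1055.012 Process Injection: Process Hollowing",
    "email_profile_read": "T1114.001 Email Collection: Local Email Collection",
    "browser_profile_read": "T1555.003 Credentials from Password Stores: Credentials from Web Browsers",
    "external_ip_lookup": "T1016.001 System Network Configuration Discovery: Internet Connection Discovery",
}

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # one call per line as key=value / key="quoted value"
FILE_OPEN_APIS = {"CreateFileW", "CreateFileA", "NtCreateFile", "NtOpenFile"}
CONNECT_APIS = {"InternetConnectW", "InternetConnectA", "WinHttpConnect", "getaddrinfo", "GetAddrInfoW"}


def parse_trace(text):
    """Parse trace lines into dicts; blank lines and '#' comments are skipped."""
    return [{k: v.strip('"') for k, v in KV.findall(line)}
            for line in text.splitlines() if line.strip() and not line.lstrip().startswith("#")]


def detect_hollowing(events):
    """Return (parent, child, image) for each complete chain CreateProcess(CREATE_SUSPENDED) ->
    WriteProcessMemory -> SetThreadContext -> ResumeThread issued by one parent against one child."""
    pending, hits = {}, []  # child pid -> progress of the chain
    for ev in events:
        api, pid = ev.get("api"), int(ev.get("pid", 0))
        if api in ("CreateProcessW", "CreateProcessA") and int(ev.get("flags", "0"), 0) & CREATE_SUSPENDED:
            pending[int(ev["child"])] = {"parent": pid, "image": ev.get("image", "?"), "written": False, "ctx": False}
            continue
        child = int(ev.get("target", 0))
        chain = pending.get(child)
        if chain is None or chain["parent"] != pid:
            continue
        if api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            chain["written"] = True
        elif api in ("SetThreadContext", "NtSetContextThread"):
            chain["ctx"] = True
        elif api in ("ResumeThread", "NtResumeThread"):
            if chain["written"] and chain["ctx"]:
                hits.append((pid, child, chain["image"]))
            del pending[child]  # suspended create + plain resume, no injection: not hollowing
    return hits


def detect_profile_reads(events):
    """Classify file opens under known email-client and browser profile directories."""
    found = defaultdict(list)
    for ev in events:
        if ev.get("api") in FILE_OPEN_APIS:
            path = ev.get("path", "")
            if any(d in path.lower() for d in EMAIL_PROFILE_DIRS):
                found["email_profile_read"].append(path)
            elif any(d in path.lower() for d in BROWSER_PROFILE_DIRS):
                found["browser_profile_read"].append(path)
    return found


def detect_ip_lookup(events):
    """Flag connections to well-known external-IP lookup services."""
    return [ev["host"].lower() for ev in events
            if ev.get("api") in CONNECT_APIS and ev.get("host", "").lower() in IP_LOOKUP_HOSTS]


def triage(text):
    """Return {detection_name: [evidence, ...]} for every detection that fired."""
    events = parse_trace(text)
    report = {}
    if hollow := detect_hollowing(events):
        report["process_hollowing"] = hollow
    report.update(detect_profile_reads(events))
    if lookups := detect_ip_lookup(events):
        report["external_ip_lookup"] = lookups
    return report


# Constructed trace modelled on the report's signatures; not real sandbox output.
SAMPLE_TRACE = r"""
pid=2104 api=CreateFileW path="C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc123.default\logins.json" access=GENERIC_READ
pid=2104 api=CreateFileW path="C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data" access=GENERIC_READ
pid=2104 api=CreateFileW path="C:\Users\victim\AppData\Local\Temp\tmp1.dat" access=GENERIC_WRITE
pid=2104 api=InternetConnectW host="api.ipify.org" port=443
pid=2104 api=CreateProcessW image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" flags=0x4 child=2876
pid=2104 api=WriteProcessMemory target=2876 base=0x400000 size=0x7a000
pid=2104 api=SetThreadContext target=2876 eip=0x43c2e0
pid=2104 api=ResumeThread target=2876
pid=3001 api=CreateProcessW image="C:\Windows\System32\notepad.exe" flags=0x4 child=3050
pid=3001 api=ResumeThread target=3050
"""

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_TRACE).items():
        print(f"{name:22s} {ATTACK[name]}")
        for item in evidence:
            print(f"    {item}")
```

Run it directly to print each detection with its evidence. The hollowing check requires the full write/context/resume chain from one parent against one child: a suspended create followed only by ResumeThread, as debuggers and some installers do (the pid 3001 lines in the constructed trace), does not fire.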

MITRE ATT&CK Enterprise v15

Tasks