Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    01a4977e16263e34ff38618b6892827e51c9e121fd625b5f04cc387b724a9fc9.exe

  • Size

    590KB

  • Sample

    240520-yz5pgsga21

  • MD5

    5a7f9def7fea29edddb789445035b8a2

  • SHA1

    f36bbc6713742142cf75696534e44e10dc5bd683

  • SHA256

    01a4977e16263e34ff38618b6892827e51c9e121fd625b5f04cc387b724a9fc9

  • SHA512

    14525620b3fffd938164916cea5521c7745b2d7c55701cc962ceca09440435427a650214bbbd567464f4e8258a0d61b3e7d7ebfd0a4558bcc43a9b6dafa808a8

  • SSDEEP

    12288:toihr/EqfY23qAdNuILw3nS3+/Af0iu3Fb77s2vm:2mr/VYHAvt8SkMGQWm

Malware Config

Targets

    • Target

      01a4977e16263e34ff38618b6892827e51c9e121fd625b5f04cc387b724a9fc9.exe

    • Size

      590KB

    • MD5

      5a7f9def7fea29edddb789445035b8a2

    • SHA1

      f36bbc6713742142cf75696534e44e10dc5bd683

    • SHA256

      01a4977e16263e34ff38618b6892827e51c9e121fd625b5f04cc387b724a9fc9

    • SHA512

      14525620b3fffd938164916cea5521c7745b2d7c55701cc962ceca09440435427a650214bbbd567464f4e8258a0d61b3e7d7ebfd0a4558bcc43a9b6dafa808a8

    • SSDEEP

      12288:toihr/EqfY23qAdNuILw3nS3+/Af0iu3Fb77s2vm:2mr/VYHAvt8SkMGQWm

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks