General

  • Target

    bf2452694735ee34a63eae71c64466d19101018c860a860b2a4b78b3c5f486c3

  • Size

    242KB

  • Sample

    240526-bd91raha8s

  • MD5

    10903b431f1e351db96e74076cc8e539

  • SHA1

    4df5e5a9bd208510e214bd59c5459e37b71c2063

  • SHA256

    bf2452694735ee34a63eae71c64466d19101018c860a860b2a4b78b3c5f486c3

  • SHA512

    eecfa312dd1f0146a9e0ea6ab7a62b44763a39e05e5f5eb790ea71f2474e5f625f8559fa8f7d2badc6a102bcaadf7e58f2f72847179a481b46d0da70e9c1d7ae

  • SSDEEP

    3072:WGybM97hOQ/iK2jrOyipN/XbKjvV18Oh2ljJDo8+1ovZrbj7KZnK547S4C2xH7Dt:rDthOzj8NzKF2DSWZj7ECi7bvd

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks