General

  • Target

    a342ce10ee92e28fe35aae7804785ff5de362be4445501b18c322a049625f886

  • Size

    759KB

  • Sample

    240528-waeewsdf7x

  • MD5

    b79f97e4db70037b5bc5151fbe634d93

  • SHA1

    81283e71c6dedb7335c0adaa51c0ca3f804638a2

  • SHA256

    a342ce10ee92e28fe35aae7804785ff5de362be4445501b18c322a049625f886

  • SHA512

    3fab52033ca9ded4e123253bc74912c60fdfc38ee5272df66fd6e77430f460ec13ea3a482df6488bb18c362abf0ec3b155664350f1f5950a2362b0db1bcc48e5

  • SSDEEP

    12288:Bz9TjhnjhvWr1NhQCKBtVOrH/ks40Zstp+wSb/YEXk6SvXRyp3Gb5:BzdNnNmXhjaDuR40Z/YokXPIFGb

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks