General

  • Target

    SecuriteInfo.com.Trojan.AutoIt.1390.21633.8031.exe

  • Size

    1.1MB

  • Sample

    240530-st6rpsea92

  • MD5

    349d723ecd0a2370dd03befb829bbfe2

  • SHA1

    91035d07ec0a4f68cdf21a346f08a36c251cf553

  • SHA256

    713d258a9f5522e345d7ecf7b82e2f69c8eaf53536ccb9d582e27d0d981861fb

  • SHA512

    68e7fe24bae4a7e7e7272e37013e9d852d43a7d025bcec8354bca30ff7873f0ae5495cad39ad02fae8a43c9711ecdcddd871e12bd1d95c9d6874bb81f77bbdd1

  • SSDEEP

    24576:bAHnh+eWsN3skA4RV1Hom2KXMmHam7t1SkxMEpXCm1cv7H5:2h+ZkldoPK8Yam7zS0npSmqvN

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5704903332:AAGQ75Wg6lHVUpPODprifDQYP0_98wUeols/

Targets

    • Target

      SecuriteInfo.com.Trojan.AutoIt.1390.21633.8031.exe

    • Size

      1.1MB

    • MD5

      349d723ecd0a2370dd03befb829bbfe2

    • SHA1

      91035d07ec0a4f68cdf21a346f08a36c251cf553

    • SHA256

      713d258a9f5522e345d7ecf7b82e2f69c8eaf53536ccb9d582e27d0d981861fb

    • SHA512

      68e7fe24bae4a7e7e7272e37013e9d852d43a7d025bcec8354bca30ff7873f0ae5495cad39ad02fae8a43c9711ecdcddd871e12bd1d95c9d6874bb81f77bbdd1

    • SSDEEP

      24576:bAHnh+eWsN3skA4RV1Hom2KXMmHam7t1SkxMEpXCm1cv7H5:2h+ZkldoPK8Yam7zS0npSmqvN

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic); it harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or, as in this sample's config, the Telegram Bot API.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the usual final step of process hollowing and similar injection: a payload is written into a suspended process and the thread's instruction pointer is redirected to it.
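
As an added example that is not part of this report or of the sandbox's own tooling, the Python below scans proxy-log lines for the two network behaviours flagged above (a public IP lookup and Telegram Bot API traffic) and parses the bot ID and token out of the C2 URL shown in the extracted config. The log format, the field names and the list of IP-lookup hosts are assumptions for this example; the log lines are constructed, with the Telegram URL taken from the config above.

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API paths look like /bot<bot_id>:<token>/<method>. The bot_id is
# numeric; the token is the secret that grants full control of the bot and its chats.
TELEGRAM_BOT_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]{30,})(?:/(?P<method>\w+))?"
)

# Public IP lookup services commonly contacted by stealers to tag the victim.
# Assumed list for this example; extend it from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ip-api.com", "checkip.dyndns.org",
    "icanhazip.com", "ifconfig.me", "ipinfo.io",
}


def parse_telegram_c2(url):
    """Return (bot_id, token, method) if url is a Telegram Bot API call, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_RE.match(parts.path)
    if not m:
        return None
    return m.group("bot_id"), m.group("token"), m.group("method")


def defang(url):
    """Neutralise a URL for tickets and reports so it is not clickable."""
    return url.replace("http", "hxxp").replace(".", "[.]")


# Constructed proxy log lines in an assumed key=value format (not from the sandbox page).
SAMPLE_LOG = """\
2024-05-30T15:31:02Z host=WS01 user=jdoe method=GET url=https://api.ipify.org/ status=200
2024-05-30T15:31:04Z host=WS01 user=jdoe method=POST url=https://api.telegram.org/bot5704903332:AAGQ75Wg6lHVUpPODprifDQYP0_98wUeols/sendDocument status=200
2024-05-30T15:31:09Z host=WS02 user=asmith method=GET url=https://www.example.com/news status=200
2024-05-30T15:32:11Z host=WS03 user=bot01 method=GET url=https://api.telegram.org/bot123/getMe status=404
"""

LOG_LINE_RE = re.compile(r"host=(?P<host>\S+) .*?url=(?P<url>\S+)")


def scan_proxy_log(text):
    """Return one finding per log line matching an AgentTesla-style network pattern."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE_RE.search(line)
        if not m:
            continue
        host, url = m.group("host"), m.group("url")
        if urlsplit(url).hostname in IP_LOOKUP_HOSTS:
            findings.append({"host": host, "rule": "external_ip_lookup", "url": defang(url)})
        c2 = parse_telegram_c2(url)
        if c2:
            bot_id, token, method = c2
            findings.append({
                "host": host,
                "rule": "telegram_bot_exfil",
                "bot_id": bot_id,
                "method": method,
                # The token is a live credential: anyone reading the alert could use it
                # to read the exfil channel, so only a prefix goes into the finding.
                "token_prefix": token[:4] + "...",
                "url": defang(url),
            })
    return findings


if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(finding)
```

The last sample line (`/bot123/getMe`, no colon-separated token) deliberately does not match, so a malformed or unrelated call to api.telegram.org is not reported. Hunting on the `api.telegram.org/bot<id>:` shape rather than on the exact token is more durable, since the operator can rotate the token while keeping the same bot.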