Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    74a24918d2d23cf37ea8d542136187fdcd15aaf97792a36da44c01dd0d20555e

  • Size

    636KB

  • Sample

    240531-ceernsbb2w

  • MD5

    8028f08408efe10f4c09a69d30d321ae

  • SHA1

    efd04813d698225c42f917ec47d7392c46575a08

  • SHA256

    74a24918d2d23cf37ea8d542136187fdcd15aaf97792a36da44c01dd0d20555e

  • SHA512

    8338e3ffca188cbba0cebf9e962411a98a53a01a11481888697ecc091057263c118671ae2f955fbcb1beddc753003c7c0028c2aa2018e358006b67b0d3505e7f

  • SSDEEP

    6144:rxwhnR5/oeD4doneNrPrOvnnjx0iqDEl8gjgsZwyMkGJaYqSMOk/UqGoLCbby5ec:rxwpCJet5STiIk/au5KjwDnKz46vur

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      a73bde5818cf35b57af18ef482d69a39cf93ab332eb5a1301042c9b69e74dcc9.exe

    • Size

      661KB

    • MD5

      204083e5ee75f801a3aad0078f433cd8

    • SHA1

      386e1a6daa01c95815eb3bd46304cac26dc66f2b

    • SHA256

      a73bde5818cf35b57af18ef482d69a39cf93ab332eb5a1301042c9b69e74dcc9

    • SHA512

      40e278a8bb6cf2253029d46ed1aa01355ae67f2f9b55af704631b4e8ab0520296ce0f53cda772ac5b67c183374115e83700362deef07bce8a2d3b7358546d878

    • SSDEEP

      12288:AQtYJL/6H3BGyBRlgouuplkMUgI1OAPQZ4GcDbMpY2MxhY:VYdCRTBRlgouBs4PQZecMHY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks