General

  • Target: 6a5edfedcacd647606f65f573ba88fd5.bin
  • Size: 662KB
  • Sample: 240601-cp3aqafb39
  • MD5: 51cad23c38e405cc4770267bcdb89275
  • SHA1: 8b090bc97bfd88183c8303e9dfdc8d0d15bc1f2c
  • SHA256: 45c59a343b482c4c521c920f16dd1f62d0387c6c1dac58a926d75ff399c5d61e
  • SHA512: 0fee4a448820b28a28ea59b7d13596f445c8e9bb71cf3003bf695460ce7d790dfd14a6397bf38d12e7cff98a191042ea5ebb8b2067505cbf98ca63cd70fdde13
  • SSDEEP: 12288:cHajI9QoeZbrLouqi8mmoMPUw//gFb7D7E2jxxU4jAU2sO3:c6toezohi8mmo4LgFbbEix5jAUNk

Malware Config

Extracted

  • Family: agenttesla
  • Credentials

Targets

    • Target: 40367d6e32f9a6d3f45372fd60a4da63f494dc1ae0fd1781cfd9c3a74b4a06f9.exe
    • Size: 710KB
    • MD5: 6a5edfedcacd647606f65f573ba88fd5
    • SHA1: e03491d78351a41011798d2f713a5296dfcc0553
    • SHA256: 40367d6e32f9a6d3f45372fd60a4da63f494dc1ae0fd1781cfd9c3a74b4a06f9
    • SHA512: 4be2c86ee9e51f51f85b9fc5c9e85ca295dd3a8131d80322199da7369f0c374b5a2ce45338cce93f89b46c89f819312a1e1f6127170a137715fef7dbcc56d5b9
    • SSDEEP: 12288:wbItdJS4VbKTi4dwB/m9nIayC/3cvVKr8Zpf/WJPmGE0CLXD4GME8XB:vRScz4dEuFIal36IrypfOJm/XEGY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks