General

  • Target

    696c1cec68428b579bd71cb56cdd28e9e9fd0a03f63584ac3e3783f264717b82

  • Size

    745KB

  • Sample

    240606-b1gygsdh6v

  • MD5

    1126bd6cf0a46fdf06c3665bc7ada595

  • SHA1

    59df04fdefe242379373940d61bc0205ffc6b1a5

  • SHA256

    696c1cec68428b579bd71cb56cdd28e9e9fd0a03f63584ac3e3783f264717b82

  • SHA512

    0e33d08981fd91ced49bbca434cfac5a964e18c28e8671baa013cd8b79dfd261db58f7a8294666aea2949823be4aebbe7864800fe3355eb0914da9fc1db219d4

  • SSDEEP

    12288:6gsmZ8iqyJM+cCUYoz7Ch7dVS/L2R7NftgDhrIiKRkjxSDVDvVsP0F91jmMMkR:Ti5OfcCUYyG3VS/L21htErIi3j0DJv++

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.ultraflex.com.mx
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Jgj8-p4Z]a1b

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
