General

  • Target

    27cdaadb36386864267bb9912c1e1cbc1f741c8fdd0762e32efdbb969358c361

  • Size

    2.3MB

  • Sample

    240611-bypwbayfmf

  • MD5

    a04b0ff1ee4f53cfb8112a7b1e818888

  • SHA1

    33e07c599eb12ff0e4abc0bd8877452633a00371

  • SHA256

    27cdaadb36386864267bb9912c1e1cbc1f741c8fdd0762e32efdbb969358c361

  • SHA512

    614f83b50e146f3bf308439bdd6983264457009af1025064385ea2fe000f481c3ebb2d259cc7319e6297f8421bc589a561bc60fb0a26934eb51e3ea4f6afae69

  • SSDEEP

    3072:GnJXGWdqKKKqdoevVwzcs/niA0wAdWrjfre5Z0nVnWSOvgP8D1Xc8Uofj6ewIlc1:GnJWnUZzcVe

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      27cdaadb36386864267bb9912c1e1cbc1f741c8fdd0762e32efdbb969358c361

    • Size

      2.3MB

    • MD5

      a04b0ff1ee4f53cfb8112a7b1e818888

    • SHA1

      33e07c599eb12ff0e4abc0bd8877452633a00371

    • SHA256

      27cdaadb36386864267bb9912c1e1cbc1f741c8fdd0762e32efdbb969358c361

    • SHA512

      614f83b50e146f3bf308439bdd6983264457009af1025064385ea2fe000f481c3ebb2d259cc7319e6297f8421bc589a561bc60fb0a26934eb51e3ea4f6afae69

    • SSDEEP

      3072:GnJXGWdqKKKqdoevVwzcs/niA0wAdWrjfre5Z0nVnWSOvgP8D1Xc8Uofj6ewIlc1:GnJWnUZzcVe

    • AgentTesla

      Agent Tesla is a .NET information stealer and remote access tool (RAT), typically written in Visual Basic .NET, that harvests credentials from browsers, mail and FTP clients and exfiltrates them over channels such as SMTP, FTP, Telegram or HTTP.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is a common step in process hollowing and other injection techniques, where a suspended thread's instruction pointer is redirected into attacker-controlled code.
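The "looks up external IP address via web service" signature is a weak indicator on its own, because legitimate software does the same thing; what makes it useful is correlating the lookup with the process that made it. The block below is an added example, not part of the tria.ge report, that scans constructed proxy log lines for requests to well-known IP-lookup services and groups the hits by client and process. The domain list, the log format and the process names (including `sample.exe`) are assumptions made for the example; the report above does not say which service this sample contacted.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Services commonly contacted by malware to learn the victim's public IP.
# This list is an assumption for the example; the report does not name the
# service this sample used, so tune it to your own telemetry.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com",
    "ifconfig.me", "ipinfo.io", "checkip.amazonaws.com", "ipecho.net",
}

# Constructed proxy log lines (not real telemetry), one request per line:
# "<timestamp> <client-ip> <process> <host> <path>"
SAMPLE_LOG = """\
2024-06-11T02:01:13Z 10.0.0.15 chrome.exe www.example.com /
2024-06-11T02:01:20Z 10.0.0.15 sample.exe checkip.dyndns.org /
2024-06-11T02:01:21Z 10.0.0.15 sample.exe api.ipify.org /?format=text
2024-06-11T02:02:05Z 10.0.0.22 outlook.exe outlook.office365.com /owa
2024-06-11T02:02:30Z 10.0.0.15 sample.exe mail.example.net /
2024-06-11T02:03:00Z 10.0.0.31 python.exe ipinfo.io /json
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<process>\S+) (?P<host>\S+) (?P<path>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    client: str
    process: str
    host: str


def is_ip_lookup_host(host: str) -> bool:
    """True if host is a known IP-lookup domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IP_LOOKUP_DOMAINS)


def find_ip_lookups(log_text: str) -> list[Hit]:
    """Return one Hit per log line whose destination is an IP-lookup service."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        if is_ip_lookup_host(m["host"]):
            hits.append(Hit(m["ts"], m["client"], m["process"], m["host"]))
    return hits


def summarize(hits: list[Hit]) -> dict[tuple[str, str], int]:
    """Count lookups per (client, process) so the responsible binary stands out."""
    return dict(Counter((h.client, h.process) for h in hits))


if __name__ == "__main__":
    found = find_ip_lookups(SAMPLE_LOG)
    for h in found:
        print(f"{h.ts} {h.client} {h.process} -> {h.host}")
    print(summarize(found))
```

In triage the interesting rows are the ones where the requesting process is unexpected: a browser contacting an IP-lookup service is routine, while an unsigned binary or a hollowed system process doing so shortly after execution is worth pivoting on, especially alongside a SetThreadContext signature like the one above.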

MITRE ATT&CK Matrix

Tasks