General

  • Target: 8819d137ba69b96b3f3c28cca74603e86c4ecea2c821e5332452a51258176439.exe
  • Size: 2.5MB
  • Sample: 240612-b4zygayamh
  • MD5: cc74321fe70654e82ead4093093b0116
  • SHA1: 68e74f568066c31b0f2b2a2837b5ce072b0857af
  • SHA256: 8819d137ba69b96b3f3c28cca74603e86c4ecea2c821e5332452a51258176439
  • SHA512: e02dc05c21788129ee7509daf307b48632fb76d72ad0c01bd5bae78962a0e3c5b3e78052ca6db9a5f5d31d7b3e3ccbc77385a28a62b208385158a5852d897214
  • SSDEEP: 12288:KP6pSfs5iMrbVM48GaHeRlPKlBEM9JVmkGkJ+yXiR0kVOmPiBR6y:KSIfspZRaHUlCR9JVYci05m6BR6y

Malware Config

Extracted

Family: agenttesla

Credentials

Targets

    • Target: 8819d137ba69b96b3f3c28cca74603e86c4ecea2c821e5332452a51258176439.exe (hashes as listed under General above)


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (originally Visual Basic .NET).

    • Detects packed .NET executables; mostly AgentTesla V4.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables packed with, or making use of, KoiVM (a virtualization-based protector built on ConfuserEx).

    • Detects executables referencing Windows Vault credential objects. Observed in information stealers.

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.

    • Detects executables referencing many email and collaboration clients. Observed in information stealers.

    • Detects executables referencing many file transfer clients. Observed in information stealers.

    • Suspicious use of SetThreadContext (an indicator of process hollowing / RunPE-style injection, in which the payload is written into a suspended process and its main thread's entry point is redirected).
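The browser, mail, file-transfer and Windows Vault signatures above are string-reference heuristics: the rule fires when a binary references enough distinct credential stores of one kind. The following is an added example of that style of check, not Triage's own rule logic; the indicator lists, per-category thresholds and the constructed sample bytes are assumptions for illustration. It searches both ASCII and UTF-16LE (how .NET user strings are stored in the #US heap, which matters for a .NET family like Agent Tesla) and also computes the hashes a practitioner would compare against the General section to confirm they are looking at the reported sample.

```python
"""Heuristic stealer-string scan modelled on the Triage signature
descriptions above. Added example; not Triage's rule contents."""
import hashlib
from collections import defaultdict

# Indicator strings grouped by the kind of credential store they point at.
# Illustrative lists (assumption), not the real signature contents.
INDICATORS = {
    "browser": ["Google\\Chrome\\User Data", "Login Data", "Mozilla\\Firefox\\Profiles",
                "logins.json", "Opera Software", "BraveSoftware",
                "Microsoft\\Edge\\User Data"],
    "mail": ["Thunderbird", "Outlook", "Foxmail", "IncrediMail", "Eudora"],
    "ftp": ["FileZilla", "recentservers.xml", "WinSCP", "CoreFTP", "FlashFXP"],
    "vault": ["VaultOpenVault", "VaultEnumerateItems", "VaultGetItem", "vaultcli.dll"],
}
# Minimum number of distinct references per category before it counts (assumption).
THRESHOLDS = {"browser": 3, "mail": 2, "ftp": 2, "vault": 2}


def _encodings(s: str):
    # .NET user strings live in the #US heap as UTF-16LE; native code usually
    # carries ASCII. Search both so a .NET stealer is not missed.
    return (s.encode("ascii"), s.encode("utf-16-le"))


def find_indicators(data: bytes) -> dict:
    """Return {category: sorted list of indicator strings present}."""
    hits = defaultdict(set)
    lowered = data.lower()  # bytes.lower() only touches ASCII, so UTF-16LE stays intact
    for cat, needles in INDICATORS.items():
        for needle in needles:
            for enc in _encodings(needle.lower()):
                if enc in lowered:
                    hits[cat].add(needle)
                    break
    return {cat: sorted(names) for cat, names in hits.items()}


def classify(data: bytes) -> dict:
    """Apply the per-category thresholds and return the fired signatures."""
    hits = find_indicators(data)
    fired = sorted(cat for cat, names in hits.items() if len(names) >= THRESHOLDS[cat])
    return {
        "hits": hits,
        "signatures": fired,
        "verdict": "stealer-like" if fired else "no stealer indicators",
    }


def file_hashes(data: bytes) -> dict:
    """Hashes in the same set the report lists (SSDEEP needs a third-party lib, omitted)."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def _utf16(*strings: str) -> bytes:
    # Lay strings out back to back, NUL-terminated, as a .NET heap roughly would.
    return b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)


# Constructed sample inputs (not real malware bytes): a stub header followed by
# UTF-16LE strings of the kind a stealer references, and a benign counterpart.
SAMPLE_STEALER = (b"MZ\x90\x00" + b"\x00" * 64 + _utf16(
    "Google\\Chrome\\User Data\\Default\\Login Data",
    "Mozilla\\Firefox\\Profiles", "Opera Software", "BraveSoftware",
    "Thunderbird", "Outlook",
    "FileZilla", "recentservers.xml",
    "VaultOpenVault", "VaultEnumerateItems",
) + b"\x00" * 16)
SAMPLE_BENIGN = b"MZ\x90\x00" + _utf16("hello world", "Outlook")  # one mail ref is below threshold


if __name__ == "__main__":
    for name, blob in (("stealer", SAMPLE_STEALER), ("benign", SAMPLE_BENIGN)):
        result = classify(blob)
        print(name, file_hashes(blob)["sha256"], result["verdict"], result["signatures"])
```

On a real file, read it in binary mode, confirm `file_hashes(data)["sha256"]` equals the SHA256 in the General section before trusting the report applies to your copy, then run `classify(data)`. Packed or KoiVM-protected samples (the other signatures above) will hide these strings until unpacked, which is exactly why the string heuristics are combined with packer detection and behavioural signals such as SetThreadContext.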
