General

  • Target

    Ödeme_2024_06_12s᠎x᠎l᠎x᠎..exe

  • Size

    3.4MB

  • Sample

    240613-l8j3xsybnk

  • MD5

    cc3f854f2997663096d88222cc601dea

  • SHA1

    78f6ae662e7a88d63142c4c1627edfc848497ec0

  • SHA256

    35e6f97e7b41e640887cd183f0dd4d836e05e42000871be773f2d9468f387e5e

  • SHA512

    c06ed15281e168a36304b6b19d189bd62b00367446d456866b00f285e15ae4c136a48d329436c928fb3feabddb545a53aad0537ac4858aee25bd04ca3b2d519a

  • SSDEEP

    12288:1Js3+SBcMHZvk2YwKANlsQRjj/8cCmKOP/A3sYAcIn2KfOTE:1y3TeukXQVj/lCmKOXXYQ9mTE

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.oserfech.eu
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Epicoffice@2024

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks