General

  • Target

    27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4

  • Size

    1.0MB

  • Sample

    240614-cpa68svhll

  • MD5

    1acfec96b14bc4dbb43836118f89e5b9

  • SHA1

    474f6af6000edf450fcffd699e3cffaa703763fc

  • SHA256

    27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4

  • SHA512

    dc4370ccb1ee5a72f3cbb5c0f79250fd49c816f5523a75652083c293e127dc4b01c54bb117a5bac240bad27f81449e974521ec269e1658276f3275d3a07b10db

  • SSDEEP

    24576:hAHnh+eWsN3skA4RV1Hom2KXMmHaOVKh1sIlTS5:4h+ZkldoPK8YaOVoSIu
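
The hash values above are the file IOCs of this report. The following is an added example (not tria.ge code) that computes all four digests of a file in one pass and reports which of the report's IOCs it matches; the IOC values are copied from the report, while the file path and the placeholder bytes in the demo are assumptions. SSDEEP is omitted because it needs a third-party library.

```python
"""Check a file against the hash IOCs listed in the tria.ge report above.

Added example, not tria.ge code. The IOC values are copied from the report;
the demo bytes at the bottom are constructed and are not the sample.
"""
import hashlib
import io
from typing import BinaryIO, Dict

# Hash IOCs from the report (report values, not assumptions).
REPORT_IOCS: Dict[str, str] = {
    "md5": "1acfec96b14bc4dbb43836118f89e5b9",
    "sha1": "474f6af6000edf450fcffd699e3cffaa703763fc",
    "sha256": "27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4",
    "sha512": "dc4370ccb1ee5a72f3cbb5c0f79250fd49c816f5523a75652083c293e127dc4b"
              "01c54bb117a5bac240bad27f81449e974521ec269e1658276f3275d3a07b10db",
}

CHUNK = 1 << 20  # read 1 MiB at a time so large files are never loaded whole


def hash_stream(fh: BinaryIO) -> Dict[str, str]:
    """Compute md5/sha1/sha256/sha512 of a stream in a single read pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for chunk in iter(lambda: fh.read(CHUNK), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (tests, network captures)."""
    return hash_stream(io.BytesIO(data))


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, bool]:
    """Return, per algorithm, whether the computed digest equals the IOC.

    Comparison is case-insensitive because feeds mix upper- and lower-case hex.
    A missing digest counts as no match rather than raising.
    """
    return {name: digests.get(name, "").lower() == value.lower() for name, value in iocs.items()}


def check_file(path: str) -> Dict[str, bool]:
    """Hash a file on disk and compare it with the report IOCs."""
    with open(path, "rb") as fh:
        return match_iocs(hash_stream(fh))


if __name__ == "__main__":
    # Demo on constructed bytes (not the sample): every IOC should report False.
    demo = hash_bytes(b"constructed placeholder, not the AgentTesla sample")
    print(match_iocs(demo))
```

Any single True is enough to treat the file as the reported sample; a mismatch on every algorithm only says the bytes differ, so a repacked or re-signed build of the same malware still has to be caught by the behavioural signatures further down.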

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4

    • AgentTesla

      Agent Tesla is a .NET-based (Visual Basic .NET) information stealer and remote access tool (RAT) that harvests saved credentials and keystrokes and exfiltrates them over channels such as SMTP, FTP or HTTP.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the payload is relaunched at logon (ATT&CK T1547.001, Registry Run Keys / Startup Folder).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP (ATT&CK T1016, System Network Configuration Discovery); on its own this is a weak signal, since benign software does the same.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is characteristic of process hollowing (ATT&CK T1055.012): a child process is created suspended, its image is replaced in memory, and the thread context is redirected to the injected code before execution resumes.
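
The two host-observable signatures above (Run-key persistence and the external IP lookup) can be correlated from endpoint telemetry. The following is an added example, not tria.ge code or part of this report: it scores constructed Sysmon-style events per process, escalating only when the same process shows both behaviours. The event records are constructed, the IP-lookup domain list is an assumed set of commonly used services, and the field names follow the Sysmon schema (EventID 13 for a registry value set, EventID 22 for a DNS query). SetThreadContext is not logged by Sysmon, so that signature is not covered here.

```python
"""Correlate Run-key persistence with external-IP lookups per process.

Added example; events below are constructed, not telemetry from this sample.
"""
from collections import defaultdict
from typing import Dict, Iterable, Optional, Set

# Assumed list of IP lookup services; extend it from your own telemetry.
IP_LOOKUP_DOMAINS: Set[str] = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com", "ipinfo.io",
}
# Autorun locations (matched case-insensitively against the Sysmon TargetObject).
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

# Constructed Sysmon-style events. ProcessGuid ties events to one process.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "Image": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"EventID": 13, "ProcessGuid": "{A}", "Image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"EventID": 22, "ProcessGuid": "{A}", "Image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "QueryName": "api.ipify.org"},
    # A browser doing the same lookup: one weak signal, must not be escalated.
    {"EventID": 22, "ProcessGuid": "{B}", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "api.ipify.org"},
]


def classify(event: dict) -> Optional[str]:
    """Map one event to a signature name, or None if it is not of interest."""
    if event.get("EventID") == 13:
        target = event.get("TargetObject", "").lower()
        if any(marker in target for marker in RUN_KEY_MARKERS):
            return "run_key_persistence"
    if event.get("EventID") == 22:
        if event.get("QueryName", "").lower() in IP_LOOKUP_DOMAINS:
            return "external_ip_lookup"
    return None


def triage(events: Iterable[dict]) -> Dict[str, dict]:
    """Group signals per ProcessGuid and assign a verdict.

    'suspicious' requires both behaviours from the same process; anything with
    only one of them is returned as 'review' so the analyst still sees it.
    """
    per_proc: Dict[str, dict] = defaultdict(lambda: {"image": None, "signals": set()})
    for ev in events:
        sig = classify(ev)
        if sig is None:
            continue
        rec = per_proc[ev["ProcessGuid"]]
        rec["image"] = ev.get("Image")
        rec["signals"].add(sig)
    for rec in per_proc.values():
        both = {"run_key_persistence", "external_ip_lookup"} <= rec["signals"]
        rec["verdict"] = "suspicious" if both else "review"
    return dict(per_proc)


if __name__ == "__main__":
    for guid, rec in triage(EVENTS).items():
        print(guid, rec["verdict"], rec["image"], sorted(rec["signals"]))
```

Keying on ProcessGuid rather than image path matters here: an injected or hollowed host process carries a legitimate image name, so the correlation has to follow the process instance, not the binary it claims to be.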

MITRE ATT&CK Enterprise v15

Tasks