
General

  • Target: 0dc90339f135807b6aab44ac9af70601adf2a054e561d555ce30841b9ac44905
  • Size: 673KB
  • Sample: 240615-bsy7sstgqb
  • MD5: ded5d5a941bb7dbbc6ea5b4921295347
  • SHA1: b9c482c5ded841f32bc3640412c9aec0fd4082ab
  • SHA256: 0dc90339f135807b6aab44ac9af70601adf2a054e561d555ce30841b9ac44905
  • SHA512: 2c62fa245ed397499aded45bf8bb905d147b129f7fa6f0202e263f4a8a8193a23fc313ed69db5392f8fb6274bc04890b494f23e628968eb64370ae0b680b1ac8
  • SSDEEP: 12288:wKuGD25dF7dWqzxRnmYEgWgZA+gCdMOE3EFeg0XJpY/Cfx65ViAG84NSQs05w6E:0GDmvhWSr/EB8xdM8Feg+8/CJ65ViAGc

Malware Config

Extracted

Family: agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.myhydropowered.com
  • Port: 587
  • Username: invest@myhydropowered.com
  • Password: n8h0yvDxAKrtxKB
  • Email To: disciple@myhydropowered.com

Targets

    • Target: PO_67800Kg+MachineCmO.exe
    • Size: 1.1MB
    • MD5: 5ec2bbe309377cde94041980f7d55ad3
    • SHA1: 6614b173e5b36e40a8f741403047c5092efca8f2
    • SHA256: c9c67e5c91239bdc8ec8521fbdbdf3242a919261fa083c459c5af167c7180037
    • SHA512: fd676bf2c6ad1a6db956bd1542ebed092987061a73c372840218dcf0b605044fb37f80d0d392a509464a23271ea52f7d2f545c6e69cb12fee9e159a2ac68d0ec
    • SSDEEP: 24576:0AHnh+eWsN3skA4RV1Hom2KXMmHaqh+s6RheAG848Qs0ZO4UB5:Dh+ZkldoPK8Yaqhmhewvey

    Signatures

    • AgentTesla
      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
