Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1fc8f86a0d5763a5c105ca8fc821ae693d36be2d5aa39f676a1c37fdfe1c2ccb

  • Size

    832KB

  • Sample

    240617-bps7da1hpn

  • MD5

    853b3bdb5b229602674916aba4acf397

  • SHA1

    ff67bdeb85a9bd552818c092bb7187547a420338

  • SHA256

    1fc8f86a0d5763a5c105ca8fc821ae693d36be2d5aa39f676a1c37fdfe1c2ccb

  • SHA512

    3f3ba08e66cad50a96c58d11bcafb9d9647cdb12536ab58ebd962e05d05c8119f862f0550724947714e4d54828d905d02d4ded21ece9536d7f084b089d63be70

  • SSDEEP

    12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcP7ZF968JT4/UXuWJeYAijFd6Ll:hBXu9HGaVHTZq/UdJ9z6Ll

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7288956701:AAGI8Yq8sI6l1S7vYfYKq0jwMldTgmIxjiE/

Targets

    • Target

      1fc8f86a0d5763a5c105ca8fc821ae693d36be2d5aa39f676a1c37fdfe1c2ccb

    • Size

      832KB

    • MD5

      853b3bdb5b229602674916aba4acf397

    • SHA1

      ff67bdeb85a9bd552818c092bb7187547a420338

    • SHA256

      1fc8f86a0d5763a5c105ca8fc821ae693d36be2d5aa39f676a1c37fdfe1c2ccb

    • SHA512

      3f3ba08e66cad50a96c58d11bcafb9d9647cdb12536ab58ebd962e05d05c8119f862f0550724947714e4d54828d905d02d4ded21ece9536d7f084b089d63be70

    • SSDEEP

      12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcP7ZF968JT4/UXuWJeYAijFd6Ll:hBXu9HGaVHTZq/UdJ9z6Ll

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks