General
Target: dae12118af053d1eaaf26061ad8aeea8625b345dde819025c4cdea9f2c11e3f8
Size: 964KB
Sample: 240620-b7kmyswfkj
MD5: d5fa7c2999fe51777420f1193f055b30
SHA1: f7d9eec5cc46dbf6c1d5a97be58b887a6f0f890e
SHA256: dae12118af053d1eaaf26061ad8aeea8625b345dde819025c4cdea9f2c11e3f8
SHA512: 2c08378053a9e7cef1ec3ced4c323b50b233eff08bc05894c6f353bc07ec88024c862798711d56fe96b4c0b79d667b59edec60c97a32cc7f9205867785c24d3d
SSDEEP: 12288:9Y9h7rZ23p+cBYzX6pGO0Ou0ekn0gJQB88xOcaw3VfJm+v/7ow833BRffVc81:Ehs8hzKpGWekn069kOBUDd8P3

Static task: static1

Behavioral task: behavioral1
Sample: dae12118af053d1eaaf26061ad8aeea8625b345dde819025c4cdea9f2c11e3f8.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: dae12118af053d1eaaf26061ad8aeea8625b345dde819025c4cdea9f2c11e3f8.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.easternmoversbh.com
Port: 587
Username: [email protected]
Password: Nr3t5@E!nF0@239#
Email To: [email protected]
Targets
Target: dae12118af053d1eaaf26061ad8aeea8625b345dde819025c4cdea9f2c11e3f8
Size: 964KB
MD5: d5fa7c2999fe51777420f1193f055b30
SHA1: f7d9eec5cc46dbf6c1d5a97be58b887a6f0f890e
SHA256: dae12118af053d1eaaf26061ad8aeea8625b345dde819025c4cdea9f2c11e3f8
SHA512: 2c08378053a9e7cef1ec3ced4c323b50b233eff08bc05894c6f353bc07ec88024c862798711d56fe96b4c0b79d667b59edec60c97a32cc7f9205867785c24d3d
SSDEEP: 12288:9Y9h7rZ23p+cBYzX6pGO0Ou0ekn0gJQB88xOcaw3VfJm+v/7ow833BRffVc81:Ehs8hzKpGWekn069kOBUDd8P3
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)