General

  • Target

    20062024_0149_19062024_Quotation for Stainless steel.pdf.tar

  • Size

    605KB

  • Sample

    240620-b8tx1ssbmb

  • MD5

    a6206c20b3c1b7186cb7cd91e432dd83

  • SHA1

    b64480f8c5938d5e107c40e2040c06549e7045af

  • SHA256

    b466ce0f2a8a448825ab70818a4442ffab05d8f1f29282c24757f360a7de99c0

  • SHA512

    864eba1edf7e5ba68ab93079d88eb82d8c82591779de9a09739a19810c2053a1fc9dde93b0d6e01b0784d82278318dae68f533ecb75202bee80eb316c09cf3fb

  • SSDEEP

    12288:eEcdkoicsyzWKjBwqfrrizsyM+fUbUcIcl/ZRenLkH1IdWBzZKH0XrGFd:eEMVicBzxBwq3NK0fIc/GnSFzZM4K

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Quotation for Stainless steel.exe

    • Size

      703KB

    • MD5

      81ee41d34911b369e2bea099a3eab641

    • SHA1

      2b07f17a2db091c42185942dfabb3e17e5749879

    • SHA256

      42f3e537e4c19d1c9b0f2cb2cedf4e2700bffeefff48db124aa01ee380c18601

    • SHA512

      899ca1c9cc6590756ff62d37bc1e73aee87b2728af03e14f1fb439b88500f9745c449f3e102f316398e6543600eb37b36172d8b2920ecd655b13513173004666

    • SSDEEP

      12288:3Nv5c6l3Muk04ZZA3W2NFXYzGUv0QcFOMNj6dBukLlxj7DTEAmDnkR:JOn04wm2nYzj0BFOMNj2bFTn

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks