Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9

  • Size

    872KB

  • Sample

    240625-cs245ayfrk

  • MD5

    278bfeb8f64cfcc51cccff93488e291a

  • SHA1

    325411b1d8332d4f7caeafbb010860bd65a97c0e

  • SHA256

    72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9

  • SHA512

    6d460ea4e539a074c844b01b89647a85c646413b4fb386510874627001310a9a51d1c20969db094d28156086ba4927308d9c3c250e9e5869879f9854b6abf93e

  • SSDEEP

    24576:mCTipRko9TNTGuugxbFcEyJFAGV1YLj+TOQDL:mCwkoFN/xdy/ALv+NL

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9

    • Size

      872KB

    • MD5

      278bfeb8f64cfcc51cccff93488e291a

    • SHA1

      325411b1d8332d4f7caeafbb010860bd65a97c0e

    • SHA256

      72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9

    • SHA512

      6d460ea4e539a074c844b01b89647a85c646413b4fb386510874627001310a9a51d1c20969db094d28156086ba4927308d9c3c250e9e5869879f9854b6abf93e

    • SSDEEP

      24576:mCTipRko9TNTGuugxbFcEyJFAGV1YLj+TOQDL:mCwkoFN/xdy/ALv+NL

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks