General

  • Target

    493084369.exe

  • Size

    1.1MB

  • Sample

    240627-k96gwateme

  • MD5

    a465bc6b95811da2d8112bed68fffacc

  • SHA1

    8b5602d34a179e789c580b1a145e6e559b864a9a

  • SHA256

    75be4773c9254d78bf52593da0360ba351cdc5fffcabc645da352c8413c8b223

  • SHA512

    06e2731a460ca9ddffaca7278ae491ab83a6a6170a84e4277eb4fbfe4cd85b6f2edce244a1219227dbba47ea0c721d40dd8eee5d97d963c65a38d8ca6b33cae4

  • SSDEEP

    24576:BAHnh+eWsN3skA4RV1Hom2KXMmHaFaqC1f5XzdTZ83Z5:Yh+ZkldoPK8YaFOhlzdV8z

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks