General

  • Target: 2eeec947de3dee177c0a5ff2727e98953d0285f174b43074fee0a6e909c1593a
  • Size: 871B
  • Sample: 240710-fh5n2sxfjr
  • MD5: 7f2f4defe96ef3a64b8b00c2cb5fff79
  • SHA1: 7f665204f41558ec7f1604c4ab3f4419a1294cbc
  • SHA256: ff83eea6602f31996519df148dc9d1b090fe885caa81a0893fff78a0b1fa2ef2
  • SHA512: e56a70a4f7e0204b2e7f1b1c0a8fd2a751cbbfc15c4367dbb145a7cc5d2e94396d9279463c9caaf7db3c4bde349c2048c1714a44612f46aa37932076b44cd0fa

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.gmail.com
  • Port: 587
  • Username: [email protected]
  • Password: bizr usjt guapiims

Extracted

Family

agenttesla

Targets

    • Target: 2eeec947de3dee177c0a5ff2727e98953d0285f174b43074fee0a6e909c1593a
    • Size: 7KB
    • MD5: bc80530079fd263dd26e267d797cd4ad
    • SHA1: 54215542d4c17815915c2aa3efe76605b394092f
    • SHA256: 2eeec947de3dee177c0a5ff2727e98953d0285f174b43074fee0a6e909c1593a
    • SHA512: 64799c7cd10dff4c002f7ac77db485593d13b6f79a983e9b7c785e8a411958b10238daae69f8549e52977413eb0226070448f7813283780563bd493afc7b8580
    • SSDEEP: 192:tIiianBNVi8xF1wG1FbIPieeRXtXqHUUN7i592E:tIiianBNVi8n1wG1FbIPieeRXtXqHUUW

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar items.

MITRE ATT&CK Enterprise v15

Tasks