General

  • Target

    MalwareBazaar.0

  • Size

    1.0MB

  • Sample

    240711-m4gyfawcnh

  • MD5

    f5bac2ef87aec0f350664e196e8a9419

  • SHA1

    afd8029edd667d1ddfbf187a087f13e036f7fa85

  • SHA256

    5336ea09a652db0033ba0afe10a112e07e92ec31b9083b3bb0589c0bbcb6042f

  • SHA512

    7caf8d892c33fb046d17691e549bf1a8ee93c322933a901d92d2eeba813336c94bdb647201ee5ef32f9f1be72db197bb43edbc50155215a6b849e7784f086201

  • SSDEEP

    24576:jAHnh+eWsN3skA4RV1Hom2KXMmHagKTB3KtpQ5:uh+ZkldoPK8Yagc30c

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      MalwareBazaar.0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks