General

  • Target

    KANG SHUN 88 V.2315 PARTICULARS.docx.lzh

  • Size

    627KB

  • Sample

    240712-3hcdtsxgkf

  • MD5

    7e4bfee5ce2a69050b4633f2171c3675

  • SHA1

    a5641819462c8ae45b35f0f574133652dc9b0462

  • SHA256

    09ecd31bed05f781b2aaf53dca9a0bffdc1a14960ff7a492a9875fa7b9751b7f

  • SHA512

    626df519ecba351b0a5d8d499bcd68d055ec668aa714ee52a9322c3f3cf874b71dedec4e9ffc906697da3eb3ac7e4429ca909fba43435411c364f439d143a2ca

  • SSDEEP

    12288:aXECRrOAl6xrxvNgk5JrdYIbdxQrkVcuJL8ZzRs7KXKIbq/rm4:IEEOyk1vNV51TxQoVcK8ZWKXKIV4

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://beirutrest.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    9yXQ39wz(uL+

Targets

    • Target

      KANG SHUN 88 V.2315 PARTICULARS.docx.scr

    • Size

      671KB

    • MD5

      e45d4600131cf00689bb13af70c70c13

    • SHA1

      be3911f3272494411f2cb119eccfe5c444c09c61

    • SHA256

      fcb4c6602aeea8229338eab9ed2deb97c27e07601791ef19c7e43a830079e416

    • SHA512

      783584018ee7904e06ede5944c21036928554b7894e32c005994b2adc37520fe8378c3f6b5711124966ab9a515fccb69c46e73702437d7ea1de17a904bbb986a

    • SSDEEP

      12288:qAL5YVK+orvwYo9tHiIRi+ksmjELgWhuNFxcCkadXbbHzt08SnS2OHalFep9AH2:qg51+ZXHKYLgJxFk0XHT1+S2JlFepS2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks