General

  • Target

    3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e

  • Size

    1.3MB

  • Sample

    240713-bntrhsyhrq

  • MD5

    17dd564d52077a9390e60eb9012d3508

  • SHA1

    f999ba7c351d19339a6429937ff50debccc2c633

  • SHA256

    3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e

  • SHA512

    aa7392e578449fb74c39d93b4b475f7a4ecc40b9d85401d0e388098b94e2d726bb1309704239ac584aa5ecf9c50a21a95d7a7a2149aa045cf6662d309ac73624

  • SSDEEP

    12288:ahHri/SWUqTXM+ZvZa1xVkuXvDLhY2DwTjjnwQ6N9t:aho761xzhwHVqD

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e

    • Size

      1.3MB

    • MD5

      17dd564d52077a9390e60eb9012d3508

    • SHA1

      f999ba7c351d19339a6429937ff50debccc2c633

    • SHA256

      3f1240d221c9ac576d3e168cf13b21a6790435337aa309d7f82e82a237c9082e

    • SHA512

      aa7392e578449fb74c39d93b4b475f7a4ecc40b9d85401d0e388098b94e2d726bb1309704239ac584aa5ecf9c50a21a95d7a7a2149aa045cf6662d309ac73624

    • SSDEEP

      12288:ahHri/SWUqTXM+ZvZa1xVkuXvDLhY2DwTjjnwQ6N9t:aho761xzhwHVqD

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks