General

  • Target

    d8bc00a22800a98b9b9d64506366f35f27254fc4dd4e2d5f43f601a91975db1b

  • Size

    858KB

  • Sample

    240716-bdff5sxglj

  • MD5

    1c0e94075d35e0751f28d9051b783a47

  • SHA1

    e3965ce4f88efaf02a6442ef2cf4c46a7dbd4fc7

  • SHA256

    d8bc00a22800a98b9b9d64506366f35f27254fc4dd4e2d5f43f601a91975db1b

  • SHA512

    a0603b79920fdaeb1925e0cfa559904c9215db6e5f9a5040a538c4538ea3407f37484ef5ac52c2cf05cfe376fe673855da8bc2708990f77683ac043cfa5d6bf1

  • SSDEEP

    24576:/EN973phvt8tmUdkw1xG8fFjGMaOnO+pwFL9N09PPR:/EN973PvEL2wHBODLcP5

Malware Config

Targets

    • Target

      d8bc00a22800a98b9b9d64506366f35f27254fc4dd4e2d5f43f601a91975db1b

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks