General

  • Target

    69c1ef5f4a9e679fe108602e5e6a6b1b865bacfef68adbda17fe66c12263c5dd

  • Size

    1005KB

  • Sample

    240802-b2xqbssgjg

  • MD5

    4d659ae062c27e18aaf32f4735f65e9d

  • SHA1

    6f9f01253f629da3c49ccc2901887b57eb1bc9c6

  • SHA256

    69c1ef5f4a9e679fe108602e5e6a6b1b865bacfef68adbda17fe66c12263c5dd

  • SHA512

    55f26f40cbc7e89aeb9f26c99d8a3c31f5bb7385316e24277e3d11d46a04175beb1e2c50c24b7765dc2a7f9fb73bec833d8c44ed5dbd89313691623cda9c9542

  • SSDEEP

    24576:1k/1q893EUgNC/rFGRbP5qYO0c+P1eZsr6nnjqKoe:4koUvC/oRPEuZoLjqKoe

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; its builds are written in Visual Basic .NET or C# and focus on harvesting credentials, keystrokes and clipboard data.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's saved-credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes (typically Add-MpPreference with -ExclusionExtension, -ExclusionPath or -ExclusionProcess) so the dropped payload is not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (continue or abort depending on the victim's locale).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewrites a thread's register context in another process. Combined with a suspended child and WriteProcessMemory, this is the step that redirects the child's entry point to injected code (process hollowing / injection).
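
The "Command and Scripting Interpreter: PowerShell" signature above is cheap to reproduce from endpoint telemetry. The following detector is an added example, not code from the Triage report or from Hatching: it scans process command lines for Defender exclusion tampering, expanding PowerShell's abbreviated parameter names and unwrapping -EncodedCommand payloads. The command lines it runs over are constructed in the style of Sysmon Event ID 1 / Security 4688 logs and are not the sample's own.

```python
"""Added example (not part of the Triage report): flag PowerShell command lines
that add Windows Defender exclusions. The command lines below are constructed
in the style of Sysmon Event ID 1 / Security 4688 logs; they are not the
analysed sample's own."""
import base64
import re

# Defender cmdlets whose exclusion parameters matter here.
MP_CMDLETS = ("add-mppreference", "set-mppreference")
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess")

# powershell.exe binds -EncodedCommand from any prefix (-e, -en, -enc, ...)
# and also accepts the alias -ec; capture the flag and the base64 payload.
ENC_RE = re.compile(r"(?i)(?:^|\s)-(e[a-z]*)\s+([A-Za-z0-9+/=]+)")


def decode_encoded_command(cmdline):
    """Return the UTF-16LE script hidden behind -EncodedCommand, or None."""
    for flag, payload in ENC_RE.findall(cmdline):
        f = flag.lower()
        if not (f == "ec" or "encodedcommand".startswith(f)):
            continue  # e.g. -ExecutionPolicy also starts with -e
        try:
            return base64.b64decode(payload, validate=True).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            return None
    return None


def find_exclusion_params(statement):
    """Canonical exclusion parameters named in one statement.

    PowerShell binds any unambiguous prefix (-ExclusionPa == -ExclusionPath),
    so abbreviations are expanded. A prefix fitting several parameters
    (-ExclusionP) is rejected by PowerShell at runtime, but every candidate
    is still reported so the attempt is not missed."""
    params = set()
    for tok in re.findall(r"-([A-Za-z]+)", statement):
        low = tok.lower()
        if not low.startswith("exclusion") or low == "exclusion":
            continue  # bare -Exclusion is always ambiguous
        params.update(p for p in EXCLUSION_PARAMS if p.lower().startswith(low))
    return sorted(params)


def defender_exclusion_hits(cmdline):
    """(cmdlet, [params]) for each statement that adds a Defender exclusion,
    checking both the visible command line and any -EncodedCommand payload."""
    scripts = [cmdline]
    decoded = decode_encoded_command(cmdline)
    if decoded:
        scripts.append(decoded)
    hits = []
    for script in scripts:
        # Split on statement separators so parameters bind to the right cmdlet.
        for stmt in re.split(r"[;\n]", script):
            low = stmt.lower()
            cmdlet = next((c for c in MP_CMDLETS if c in low), None)
            if cmdlet:
                params = find_exclusion_params(stmt)
                if params:
                    hits.append((cmdlet, params))
    return hits


def scan(command_lines):
    """{index: hits} for every command line that tampers with exclusions."""
    return {i: h for i, line in enumerate(command_lines)
            if (h := defender_exclusion_hits(line))}


# Constructed sample command lines (not from the analysed file).
ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionPath "C:\\ProgramData"'.encode("utf-16le")).decode()
SAMPLE_COMMAND_LINES = [
    # plain form
    'powershell.exe -WindowStyle Hidden Add-MpPreference -ExclusionPath "C:\\Users\\Public"',
    # abbreviated parameters, two exclusion kinds in one statement
    'powershell -nop -ExecutionPolicy Bypass Add-MpPreference -ExclusionExt exe -ExclusionProc "explorer.exe"',
    # same action hidden behind -enc
    "powershell.exe -enc " + ENCODED,
    # touches Defender preferences but adds no exclusion: not flagged
    "powershell.exe Set-MpPreference -ScanScheduleDay Everyday",
]

if __name__ == "__main__":
    for i, hits in scan(SAMPLE_COMMAND_LINES).items():
        print(i, hits)
```

Only the first three constructed lines are flagged; the Set-MpPreference call that merely changes the scan schedule is left alone. In production the same logic should also run over PowerShell script block logs (Event ID 4104), since a loader can call the cmdlet from a downloaded script rather than from the command line.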

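The "Suspicious use of SetThreadContext" and "Looks up external IP address via web service" signatures above are both derivable from an API trace. The code below is an added example, not the Triage report's or Hatching's own logic: it looks for the process-hollowing order (suspended CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread against one child) and for URL fetches to public IP-echo services. The trace format, with handles already resolved to pids, and the events themselves are constructed for the example; they are not the analysed sample's calls.

```python
"""Added example (not part of the Triage report): re-derive two behavioural
signatures from a sandbox API trace. The trace format (one dict per call,
handles resolved to pids) and the events are constructed for this example."""
from collections import defaultdict
from urllib.parse import urlparse

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Classic hollowing order: spawn a suspended host, (optionally) unmap its image,
# write the payload in, repoint the primary thread with SetThreadContext, resume.
HOLLOWING_PATTERN = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
CROSS_PROCESS_APIS = {"NtUnmapViewOfSection", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}

# Public IP-echo services stealers use to tag exfiltrated logs with the victim's address.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com", "ifconfig.me"}


def in_order(calls, pattern):
    """True if pattern occurs as a subsequence of calls (other calls may interleave).
    `name in it` advances the iterator past the match, so order is enforced."""
    it = iter(calls)
    return all(name in it for name in pattern)


def detect_hollowing(trace):
    """Set of (injector_pid, target_pid) pairs showing the hollowing sequence
    against a child that was created with CREATE_SUSPENDED."""
    calls = defaultdict(list)
    suspended = set()
    for ev in trace:
        if ev["api"] in ("CreateProcessW", "CreateProcessA"):
            if ev["args"].get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                key = (ev["pid"], ev["args"]["child_pid"])
                suspended.add(key)
                calls[key].append("CreateProcess")
        elif ev["api"] in CROSS_PROCESS_APIS:
            calls[(ev["pid"], ev["args"]["target_pid"])].append(ev["api"])
    return {key for key, seq in calls.items()
            if key in suspended and in_order(seq, HOLLOWING_PATTERN)}


def detect_ip_lookup(trace):
    """{pid: [hosts]} for processes that fetched a URL from a known IP-echo service."""
    hits = defaultdict(list)
    for ev in trace:
        if ev["api"] == "InternetOpenUrlW":
            host = (urlparse(ev["args"]["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits[ev["pid"]].append(host)
    return dict(hits)


# Constructed trace: pid 1000 hollows a suspended child (1200); a second child
# (1300) is started normally and written to without SetThreadContext, which
# the rule must not flag; the hollowed child then asks an IP-echo service.
TRACE = [
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": "C:\\Temp\\host.exe", "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 1200}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 1200}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1200, "size": 0x9C000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1200}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 1200}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": "C:\\Windows\\System32\\cmd.exe", "dwCreationFlags": 0, "child_pid": 1300}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1300, "size": 0x10}},
    {"pid": 1200, "api": "InternetOpenUrlW", "args": {"url": "http://api.ipify.org/"}},
    {"pid": 1200, "api": "InternetOpenUrlW", "args": {"url": "http://www.microsoft.com/"}},
]

if __name__ == "__main__":
    print("hollowing:", detect_hollowing(TRACE))
    print("ip lookup:", detect_ip_lookup(TRACE))
```

Requiring CREATE_SUSPENDED keeps debuggers and legitimate WriteProcessMemory users out of the hit set, and treating the pattern as a subsequence tolerates the extra calls (NtUnmapViewOfSection, VirtualAllocEx) that real loaders interleave. Map the IP-lookup hit back to the hollowed pid to tie the network behaviour to the injected payload rather than to the benign host image.
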
MITRE ATT&CK Enterprise v15

Tasks