General

  • Target

    a040ff5358e881adf59b8446ebdbb987a486c4fe90e2f1d64a5b9abadd550fd9.exe

  • Size

    593KB

  • Sample

    240802-cl6tqszcnp

  • MD5

    ca61c16bb94540662facaa6cf7f317f8

  • SHA1

    6fd5af916972136da2bcefb6188d1c11c905ed41

  • SHA256

    a040ff5358e881adf59b8446ebdbb987a486c4fe90e2f1d64a5b9abadd550fd9

  • SHA512

    a41ebbe793b3d234921656b6ef3df75e500bb115ce3788e1bb4bc57ebda2de0dcbcdea24b51b53d8343e3b60977d2a57c577aef03613694d2c0a7346bac6eb5f

  • SSDEEP

    12288:1oGrkCEw+Is4l8O3d5Gu8y5pSqgsZsFKSB82MiEhB:1oGI3w1l8Ot5Gvy5DKEdB

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
