Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    92b8e93c694b111af7c04d32f857974122aa84c7e38931feff5ab3f41a73bd98

  • Size

    4KB

  • Sample

    240807-m19t2sxerr

  • MD5

    4c977c551c3f7e6140c0b60025487f87

  • SHA1

    049c3092461727c215cee78108f78815777b2edc

  • SHA256

    92b8e93c694b111af7c04d32f857974122aa84c7e38931feff5ab3f41a73bd98

  • SHA512

    537be9630a750171d9ecefcfe202d0dcb56e4b5c2e10595a2fd9f3fe015d9436aaf82ba990b84d2d0a07d45dacec0f6c6865e6724368517f5318c3d1b25c9c13

  • SSDEEP

    96:vRUFkDqfJX7ZMOsFXzeNCCFFeazF/tP0Zh9uPDvDC3tOSB:++qfJX9MO2zeNCUFeYcZjurbSB

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SOA PAYMENT.vbe

    • Size

      12KB

    • MD5

      fbd428b36af66d92efc3d5b745bd0027

    • SHA1

      5861ff074403f6783fc2b7c75a9dbf0ce593c077

    • SHA256

      fee12dd38f4e7bddb43d88c548a49eca31bda69c74fe73eb65d04e53f00bf749

    • SHA512

      3f586ee2b17c786e64e1b0244824ead9334b81d6284b38f59f2fcce02fea96650315b66077f01297248ddb9d23d76f2d6d7731ebb8d7b8f212e2e463642eebef

    • SSDEEP

      192:vPcUXIssSUHci9rEi43NIr+MJXgu/ALk41LS8aF+OLLluK:sUXIsspep3NqJwuIo41vakOdT

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process, typically one created with CREATE_SUSPENDED, is characteristic of process hollowing or similar code injection.
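
Added example, not part of the tria.ge report: detection logic for four of the signatures listed above (the registry geofence check, the external IP lookup, browser credential-store access, and the CreateProcess(CREATE_SUSPENDED) to WriteProcessMemory to SetThreadContext to ResumeThread sequence behind the SetThreadContext signature), run over a constructed, simplified API trace. The trace, its field names, the process images in it and the starter list of IP-echo hosts are assumptions made for the example; the registry key path and the browser store file names are the real ones.

```python
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit documented for CreateProcess

# Starter list of public IP-echo services (assumption; extend from your own telemetry).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

# HKCU\Control Panel\International\Geo\Nation holds the configured country code.
GEO_KEY_RE = re.compile(r"Control Panel\\International\\Geo", re.I)
# Chrome "Login Data"/"Local State", Firefox logins.json/key4.db.
BROWSER_STORE_RE = re.compile(r"\\(Login Data|logins\.json|key4\.db|Local State)$", re.I)

# Hollowing sequence expected after a suspended CreateProcess, in order.
HOLLOWING_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed sample trace (not tria.ge output). Each event is (pid, api, args).
SAMPLE_TRACE = [
    (4100, "CreateProcessW", {"image": r"C:\Windows\System32\wscript.exe",
                              "cmdline": r'wscript.exe "SOA PAYMENT.vbe"', "flags": 0x0, "child_pid": 4200}),
    (4200, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    (4200, "CreateProcessW", {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
                              "flags": CREATE_SUSPENDED, "child_pid": 4300}),
    (4200, "NtUnmapViewOfSection", {"target_pid": 4300}),
    (4200, "WriteProcessMemory", {"target_pid": 4300, "size": 0x3A000}),
    (4200, "SetThreadContext", {"target_pid": 4300}),
    (4200, "ResumeThread", {"target_pid": 4300}),
    (4300, "InternetConnectW", {"host": "api.ipify.org", "port": 80}),
    (4300, "CreateFileW", {"path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    (4300, "CreateFileW", {"path": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"}),
    (4300, "CreateFileW", {"path": r"C:\Users\user\Documents\notes.txt"}),  # benign, must not fire
]


def analyze(trace):
    """Return {signature name: [findings]} for the behaviours seen in the trace."""
    findings = defaultdict(list)
    # child pid -> (parent pid, image, index of next expected hollowing step)
    hollow_state = {}

    for pid, api, args in trace:
        if api in ("RegQueryValueExW", "RegQueryValueExA") and GEO_KEY_RE.search(args.get("key", "")):
            findings["Checks computer location settings"].append((pid, args["key"], args.get("value")))
        elif api in ("InternetConnectW", "WinHttpConnect", "DnsQuery_W") and args.get("host", "").lower() in IP_LOOKUP_HOSTS:
            findings["Looks up external IP address via web service"].append((pid, args["host"]))
        elif api in ("CreateFileW", "CopyFileW") and BROWSER_STORE_RE.search(args.get("path", "")):
            findings["Credentials from Web Browsers"].append((pid, args["path"]))
        elif api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            # A suspended child is the precondition; start tracking it.
            hollow_state[args["child_pid"]] = (pid, args["image"], 0)
        elif api in HOLLOWING_STEPS and args.get("target_pid") in hollow_state:
            target = args["target_pid"]
            parent, image, step = hollow_state[target]
            if HOLLOWING_STEPS[step] == api:  # only advance on the expected next step
                step += 1
                if step == len(HOLLOWING_STEPS):
                    findings["Suspicious use of SetThreadContext"].append((parent, target, image))
                    del hollow_state[target]
                else:
                    hollow_state[target] = (parent, image, step)
    return dict(findings)


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_TRACE).items():
        print(name)
        for hit in hits:
            print("   ", hit)
```

The hollowing detector keys on the suspended child rather than on SetThreadContext alone, so a debugger or a legitimate thread-context read in the same trace does not fire; repeated WriteProcessMemory calls before SetThreadContext are tolerated because only the expected next step advances the state.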

MITRE ATT&CK Enterprise v15

Tasks