General

  • Target

    10082024_0415_08082024_SWIFT REF 458945488437PAGO INVOICE 5954000.rar

  • Size

    648KB

  • Sample

    240810-evd67azaph

  • MD5

    d047d491ced25ed6d33bfae31b0c71ef

  • SHA1

    19fe8ee4af34e8c939f98bbb845e9553c12f8ecd

  • SHA256

    d06e6efc21238005a340b881ece87b0b7912fa55a4963919bd1621e8231d8574

  • SHA512

    ddadf5e42d7da3f63df9b921160cfec11ade82183ce81eb0cb62783955dceb43946184d48ab8de31b19831e7a005ef6f2c7e1eca625a98bc4487610c1fdde5c7

  • SSDEEP

    12288:NxYv6qqXE+/nflRztY74VzwqRijBhMeSarBgQe5xqK5i047FiBI+:fU6/NnflRzi0TamUB6/qeipMP

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SWIFT REF 458945488437PAGO INVOICE 5954000.exe

    • Size

      1.1MB

    • MD5

      6ef549e83677f76510e8696cb444cf66

    • SHA1

      5a625854d4551744a6f7ffac7f5e61829d160688

    • SHA256

      11169c9d08b88f6ba3595cae46e3ddf257546d592b84489247a021c7fa90f0e0

    • SHA512

      31eae6dd9fe73b59cd9e0a4cd0933b1c2976091d07a68c8abf241c294e360502005215f31236f2a19d34a5cc0537c1228436a621e776448577464afae7768b48

    • SSDEEP

      24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8aFTXfiXRXMfk:rTvC/MTQYxsWR7aFTXfiBXM

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks