Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Ferrecsa D701163.pdf.exe

  • Size

    1.2MB

  • Sample

    240818-t3ng6awdpk

  • MD5

    861b8fa009a52d4a2a0484b8c2673fb3

  • SHA1

    379c013437d1f2956eb40772281754545a6ad124

  • SHA256

    655a38b1686aa4f75f6dd4f2b59c8e9e09cde9997b46bafbe4e3dee38d859c99

  • SHA512

    5d24eb0674278d40e26db482e06a301ccca675a1454593868929fde24def1dcc6431ecee123fa05ec2907c375d2220d8499e68d15be5343e4e2ace529a6776f8

  • SSDEEP

    24576:jiUmSB/o5d1ubcv7HAUJDeRSCJvYDxsHWaNL5ZUPNZjk9WtI5CtbXosz67:j/mU/ohubcv77qRNBSMNLgPNYWi5Ctzc

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.corpsa.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    HMcJs([wrG~1

Targets

    • Target

      Ferrecsa D701163.pdf.exe

    • Size

      1.2MB

    • MD5

      861b8fa009a52d4a2a0484b8c2673fb3

    • SHA1

      379c013437d1f2956eb40772281754545a6ad124

    • SHA256

      655a38b1686aa4f75f6dd4f2b59c8e9e09cde9997b46bafbe4e3dee38d859c99

    • SHA512

      5d24eb0674278d40e26db482e06a301ccca675a1454593868929fde24def1dcc6431ecee123fa05ec2907c375d2220d8499e68d15be5343e4e2ace529a6776f8

    • SSDEEP

      24576:jiUmSB/o5d1ubcv7HAUJDeRSCJvYDxsHWaNL5ZUPNZjk9WtI5CtbXosz67:j/mU/ohubcv77qRNBSMNLgPNYWi5Ctzc

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks