General

  • Target

    ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8.bat

  • Size

    1.4MB

  • Sample

    240821-nka68azarq

  • MD5

    70b340ae3989a38ceb1545ede320f991

  • SHA1

    cb35aa2ea5282c6d3f051400466705058890a424

  • SHA256

    ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8

  • SHA512

    06c2ad0da9b0bb9c316170c65d0b54a8b0b69ff6c574eb62cb56e0b41b18c12c9d1b7f3eeb0279932e9c44201874f0d76b9d8cc889701578f7e6d1ef4af032c7

  • SSDEEP

    24576:WYAnya111NrQcqRpa01Y31TGLN051hed0ELLtk1Koe78TYqE:WjyAwc1aLNch8HLG11dY

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8.bat

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks