General

  • Target

    da65062d01358edbdfda7e0642b135b8_JaffaCakes118

  • Size

    574KB

  • Sample

    240911-p7apms1fpj

  • MD5

    da65062d01358edbdfda7e0642b135b8

  • SHA1

    107850eb38c82af848622db6821ef95d51be6fe9

  • SHA256

    9ec0bfce36093b27ef26fc4cfb265541081bdd2bd6b140a8ceb5ce7c126c432f

  • SHA512

    b2e862b44094012351984e028fd4088bb8235bf360cfe04157d7ab3a5b9d78f742d186012a2c2c9e59759c28faecbd710ddd6d96a67228378d2ceff1c724a0e1

  • SSDEEP

    6144:x7M1KWv3ZoBdO1eLpsDnM5zAOdaIR5PlTt8bbOugEEnRUkd6jX2JPxcYEUO:x7M1KY3mICzrPlpnUAPxc2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Blessed000@

Targets

    • Target

      da65062d01358edbdfda7e0642b135b8_JaffaCakes118

    • Size

      574KB

    • MD5

      da65062d01358edbdfda7e0642b135b8

    • SHA1

      107850eb38c82af848622db6821ef95d51be6fe9

    • SHA256

      9ec0bfce36093b27ef26fc4cfb265541081bdd2bd6b140a8ceb5ce7c126c432f

    • SHA512

      b2e862b44094012351984e028fd4088bb8235bf360cfe04157d7ab3a5b9d78f742d186012a2c2c9e59759c28faecbd710ddd6d96a67228378d2ceff1c724a0e1

    • SSDEEP

      6144:x7M1KWv3ZoBdO1eLpsDnM5zAOdaIR5PlTt8bbOugEEnRUkd6jX2JPxcYEUO:x7M1KY3mICzrPlpnUAPxc2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks