14/10/2024, 10:44

241014-ms637atekd 10

General

  • Target

    Purchase Order.zip

  • Size

    34KB

  • Sample

    241014-ms637atekd

  • MD5

    2b00d36395411f8eab1ee87679fa47f4

  • SHA1

    338e68a2f0035eadd3861dc32e54721555cbec96

  • SHA256

    482e14aee1eb2793754529d967a6279f4c88dc11f79eee582a5c456f35b9cbb6

  • SHA512

    02747978663fc146640cbca89c705d99a73bbe756b01e5ff9d4717441ff081ce54ce2a32446b14729a7db4f7ec7cbe22d0718261a18e32b70ffc30d5fd8976d3

  • SSDEEP

    768:LHa44Yb24zrQSvO2uIxJeNPDHa44Yb24zrQSvO2uIxJeNPUb:L4W24zZv1xcF4W24zZv1xcY

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      Product Specification.exe

    • Size

      49KB

    • MD5

      8a41760378020ab34b463912fb0897cc

    • SHA1

      057370c5e27938350dc9491aeafadaf80324d8f0

    • SHA256

      29d728ea6c0b2125e0141050f1e94bff73b27c1e61e2bf2604e46b50bc6dfd7d

    • SHA512

      40443829f0f42cd12b6f3f7f445feed2cf021af00437bbf2f69ff8d44c044e560c26088e222f1c376c5f101e2013c870abc18b0e9467d3fc4ef0dccc8bdb9cab

    • SSDEEP

      1536:82jz+wC4164ULzo2d5rrgjnumoDGpiWvv:8kM4164ULzvrV6Jvv

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      Purchase Order List.exe

    • Size

      49KB

    • MD5

      8a41760378020ab34b463912fb0897cc

    • SHA1

      057370c5e27938350dc9491aeafadaf80324d8f0

    • SHA256

      29d728ea6c0b2125e0141050f1e94bff73b27c1e61e2bf2604e46b50bc6dfd7d

    • SHA512

      40443829f0f42cd12b6f3f7f445feed2cf021af00437bbf2f69ff8d44c044e560c26088e222f1c376c5f101e2013c870abc18b0e9467d3fc4ef0dccc8bdb9cab

    • SSDEEP

      1536:82jz+wC4164ULzo2d5rrgjnumoDGpiWvv:8kM4164ULzvrV6Jvv

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
