General

  • Target

    97cdaebd008fd9baf3ee40ea65740643_JaffaCakes118

  • Size

    216KB

  • Sample

    241124-3b6n4a1mej

  • MD5

    97cdaebd008fd9baf3ee40ea65740643

  • SHA1

    af16c98f3cd05903ab20e2e2ceaa747c740c2797

  • SHA256

    dd9396aff0f2c82c526a08ae0e69345b1662cf6727f0943e4a6f3ca636055231

  • SHA512

    3e7d2fefc8dcde6e15c15cb8ed211537ccb79bbad388b2cc20403aa1c5f4df2f1b718ad3db834ee9f79366f012d1802ea4d5a435749c2a34c366b012abd328df

  • SSDEEP

    3072:+GWu9tCKWrLDqHdjF+dUsiohHvnYu6iLv2T/oDP0sYTwdKOieWDuFHFYtUl0Y:+p+HvWUeHvYy20L0BTwdK2IuVFMUl

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.costa.com.pk
  • Port: 587
  • Username: [email protected]
  • Password: isb123

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15