General

  • Target

    bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e

  • Size

    658KB

  • Sample

    241124-bysxzaxlbw

  • MD5

    6348941741d25ad4a6210eff2087c178

  • SHA1

    d6f946c15298cc3942486cc8f703e50c3f621335

  • SHA256

    bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e

  • SHA512

    fad70434447abde63105ca1f7c6b366a4f952eae1a6994b0adcdef750ac55cc88cd39d4ee0ee760e6caec0cb3b7f2f159f1866e277c139fa6c2771b9c960e3aa

  • SSDEEP

    12288:sOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPitC1xWV/ugVkH5P3h8pLBM:sq5TfcdHj4fmbEC10/LT5a

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    3.*RYhlG)lkA

Targets

    • Target

      bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e

    • Size

      658KB

    • MD5

      6348941741d25ad4a6210eff2087c178

    • SHA1

      d6f946c15298cc3942486cc8f703e50c3f621335

    • SHA256

      bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e

    • SHA512

      fad70434447abde63105ca1f7c6b366a4f952eae1a6994b0adcdef750ac55cc88cd39d4ee0ee760e6caec0cb3b7f2f159f1866e277c139fa6c2771b9c960e3aa

    • SSDEEP

      12288:sOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPitC1xWV/ugVkH5P3h8pLBM:sq5TfcdHj4fmbEC10/LT5a

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.