General

  • Target: 96810c278f2f69d4a70ddad247479331_JaffaCakes118
  • Size: 1.1MB
  • Sample: 241124-xak34ssrfz
  • MD5: 96810c278f2f69d4a70ddad247479331
  • SHA1: 89982da24e87e6b91ebcde0b4ae597be56cdc70a
  • SHA256: de154aa64f3b83a93a0a9a55d0a3ed5d3ddb0ff96d1b0f3d96ab9ec2a6f48655
  • SHA512: b40d8fad7e1cf7a6a6a683d0354fc1b4f97398c058a0b7258c3b8d4f86cf8fe4869872f0f3e6428ab7b3e92a15b10b78488eaf14857615f22fe8c01b52764cc3
  • SSDEEP: 24576:mYkO12hcK4sMmLFJ5EVIS7a/tXhZTmc4:mBOCr2iJZCc4

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla family

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks