General

  • Target

    970b659d4ac41f366cdfdd480f80f204_JaffaCakes118

  • Size

    856KB

  • Sample

    241124-y9pe9axrex

  • MD5

    970b659d4ac41f366cdfdd480f80f204

  • SHA1

    827e0bed63f595f233cc9e2663a71b2f9a011691

  • SHA256

    ecc1fd1b10f173ed89edb0288c945642d67c2e19a70f8f12775361cfccb4c641

  • SHA512

    ddfd72b021d91b16ffa8e65c51fe7a88b25ec7844955651dbac98275982fff29eca05abcdd98a08c80e52a147b67a889475745f030b8f8269ef8a7dc1509706e

  • SSDEEP

    24576:RyaHMNjZ9gQBkQHdypvSW1FnzSerg6ilDrDpqTW:jshNVWSWLPrgHlDrNqT

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    jojo@glimpse-it.co
  • Password:
    joegrace2021

Targets

    • Target

      970b659d4ac41f366cdfdd480f80f204_JaffaCakes118

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
