General

  • Target

    2ce30c206c8b8fd863e98c63fa1c75b31a3c3018eab127c5496708cf8c95eb22.exe

  • Size

    1.0MB

  • Sample

    241211-cskvvawkbn

  • MD5

    c40b747e2e9780944a16ea7f1da5bb2f

  • SHA1

    6a8075a86cb9e4f643653f0c812831352ec56cf3

  • SHA256

    2ce30c206c8b8fd863e98c63fa1c75b31a3c3018eab127c5496708cf8c95eb22

  • SHA512

    da3f3b81b27bf0251bb5db1b6c2e01e2a82f555aaa610e664b9b3c2d56d96974daf7e521ee324031cf309f3eec354220db86c59f3aa6fc2f13a8fd34817d0caa

  • SSDEEP

    24576:qu6J33O0c+JY5UZ+XC0kGso6Fa17RcAvepIrWY:cu0c++OCvkGs9Fa17RcAvaXY

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      2ce30c206c8b8fd863e98c63fa1c75b31a3c3018eab127c5496708cf8c95eb22.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks