General

  • Target

    846fbef77b60f9493d30acf744b29b893805934849ef34409bad369e2012ece8

  • Size

    2.2MB

  • Sample

    241226-bks1tasrh1

  • MD5

    4e6424cacaa5f508e516ce8423c7a8b8

  • SHA1

    240e24cd609d9059a7efc3aac10bd182a26b4c9a

  • SHA256

    846fbef77b60f9493d30acf744b29b893805934849ef34409bad369e2012ece8

  • SHA512

    e1717979958a28c41b2c68ff2383f92a06c9a0573fa01120b708e7c240ad98e881787ed8529c3a92bc11f4cadcf4cdd8e8a1f41e6b19da296fb97ea3b37a1c0c

  • SSDEEP

    12288:Pph6Me9MuqZQyeP4R25uXKtBwIdVP6yhgMG4vAp4EFluz91uVWa5gypb:peSFeQR2MXKtJtdG4Ip4BEV95p

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7473226879:AAEQq47vzNj1ev2yBhgx7mOe-d3wzyPu7AE/
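The C2 above is not a server the operator controls but the Telegram Bot API, addressed with a bot token embedded in the sample; the token is the only credential needed to read and send through that bot. The following is an added example (not part of the Triage report or of Agent Tesla itself) that pulls such tokens out of arbitrary text such as `strings` output or a memory dump, records which Bot API methods they were seen with, and emits defanged IOC lines. The sample input is constructed for the example; the token in it is the one reported above, the `sendDocument` line and the noise lines are made up. The 35-character secret length and the 6 to 12 digit bot id range in the regex are assumptions based on observed tokens, not a documented Telegram guarantee.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the kind of lines `strings` or a memory dump yields for a sample
# like the one above. The token is the one from the report's Malware Config section;
# the sendDocument line and the noise lines are invented for the example.
SAMPLE_STRINGS = """
MZ...This program cannot be run in DOS mode
https://api.telegram.org/bot7473226879:AAEQq47vzNj1ev2yBhgx7mOe-d3wzyPu7AE/
https://api.telegram.org/bot7473226879:AAEQq47vzNj1ev2yBhgx7mOe-d3wzyPu7AE/sendDocument
multipart/form-data; boundary=---------------------------1234567890
"""

# A bot token is "<numeric bot id>:<secret>". The 35-character secret and the 6-12 digit
# id match the token above and tokens seen in the wild, but they are observed conventions,
# not a documented guarantee (assumption): widen the quantifiers if you need to be lenient.
TOKEN_RE = re.compile(r"(?<!\d)(\d{6,12}):([A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")
API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(\d{6,12}:[A-Za-z0-9_-]{35})(?:/([A-Za-z]+))?"
)


def extract_tokens(text: str) -> List[Dict[str, str]]:
    """Return each distinct bot token found, split into bot id and secret, in first-seen order."""
    seen = set()
    found = []
    for bot_id, secret in TOKEN_RE.findall(text):
        token = f"{bot_id}:{secret}"
        if token in seen:
            continue
        seen.add(token)
        found.append({"token": token, "bot_id": bot_id, "secret": secret})
    return found


def extract_api_calls(text: str) -> List[Tuple[str, Optional[str]]]:
    """Return (token, method) for every Bot API URL; method is None when the URL stops at the token."""
    return [(tok, meth or None) for tok, meth in API_RE.findall(text)]


def defang(url: str) -> str:
    """Make a URL safe to paste into a ticket: http -> hxxp, dots in the host bracketed."""
    scheme, _, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{slash}{path}"


def report(text: str) -> List[str]:
    """One IOC line per token with the Bot API methods it was seen with and the defanged C2 base."""
    methods: Dict[str, set] = {}
    for tok, meth in extract_api_calls(text):
        methods.setdefault(tok, set())
        if meth:
            methods[tok].add(meth)
    lines = []
    for t in extract_tokens(text):
        ms = ",".join(sorted(methods.get(t["token"], ()))) or "-"
        c2 = defang("https://api.telegram.org/bot" + t["token"] + "/")
        lines.append(f"telegram-bot bot_id={t['bot_id']} methods={ms} c2={c2}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_STRINGS):
        print(line)
```

The bot id is the part worth pivoting on: it identifies the bot across token rotations, so it can be matched in proxy logs even after the operator regenerates the secret. Blocking `api.telegram.org` outright is the usual containment step, since legitimate use of the Bot API from endpoints is rare in most enterprises.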

Targets

    • Target

      846fbef77b60f9493d30acf744b29b893805934849ef34409bad369e2012ece8

    • Size

      2.2MB

    • MD5

      4e6424cacaa5f508e516ce8423c7a8b8

    • SHA1

      240e24cd609d9059a7efc3aac10bd182a26b4c9a

    • SHA256

      846fbef77b60f9493d30acf744b29b893805934849ef34409bad369e2012ece8

    • SHA512

      e1717979958a28c41b2c68ff2383f92a06c9a0573fa01120b708e7c240ad98e881787ed8529c3a92bc11f4cadcf4cdd8e8a1f41e6b19da296fb97ea3b37a1c0c

    • SSDEEP

      12288:Pph6Me9MuqZQyeP4R25uXKtBwIdVP6yhgMG4vAp4EFluz91uVWa5gypb:peSFeQR2MXKtJtdG4Ip4BEV95p

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests saved credentials from browsers, email clients and FTP/SFTP clients and exfiltrates them over SMTP, FTP or, as in this sample, the Telegram Bot API.

    • Agenttesla family

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is a common step in process hollowing, where the payload is written into a suspended legitimate process and the thread's entry point is redirected to it before the process resumes.
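The signatures above are each a file, registry or API access that is unremarkable on its own (FileZilla reads its own sitemanager.xml, Chrome reads its own Login Data) and telling only when one unrelated process does several of them. The following is an added example, not part of the Triage report or its signature engine, that reproduces that logic over Sysmon-style events: each rule pairs a credential store with the images allowed to touch it, and a process is flagged when it hits two or more distinct stores. The events are constructed for the example; the store locations are the applications' default paths, and the PIDs, user name and file names are invented.

```python
import re
from typing import Dict, List

# Constructed Sysmon-style events: one suspect process (4120) and two legitimate owners
# of the stores it reads. Paths are the applications' default locations; PIDs, user
# name and the image name invoice.exe are made up for the example.
SUSPECT = r"C:\Users\lab\AppData\Local\Temp\invoice.exe"
EVENTS: List[Dict[str, object]] = [
    {"pid": 4120, "image": SUSPECT, "op": "RegRead",
     "target": r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\backup-host"},
    {"pid": 4120, "image": SUSPECT, "op": "FileRead",
     "target": r"C:\Users\lab\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "image": SUSPECT, "op": "FileRead",
     "target": r"C:\Users\lab\AppData\Roaming\Thunderbird\Profiles\x1y2z3.default\logins.json"},
    {"pid": 4120, "image": SUSPECT, "op": "FileRead",
     "target": r"C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": SUSPECT, "op": "Api", "target": "SetThreadContext"},
    {"pid": 880, "image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "op": "FileRead",
     "target": r"C:\Users\lab\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 2200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "op": "FileRead",
     "target": r"C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

# (signature name as Triage reports it, event op, regex over the target,
#  image basenames that legitimately own that store)
RULES = [
    ("Reads WinSCP keys stored on the system", "RegRead",
     r"\\Martin Prikryl\\WinSCP 2\\Sessions", {"winscp.exe"}),
    ("Reads data files stored by FTP clients", "FileRead",
     r"\\FileZilla\\(sitemanager|recentservers)\.xml$", {"filezilla.exe"}),
    ("Reads user/profile data of local email clients", "FileRead",
     r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", {"thunderbird.exe"}),
    ("Reads user/profile data of local email clients", "RegRead",
     r"\\Microsoft\\Office\\[^\\]+\\Outlook\\Profiles", {"outlook.exe"}),
    ("Reads user/profile data of web browsers", "FileRead",
     r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\Login Data$", {"chrome.exe", "msedge.exe"}),
    ("Reads user/profile data of web browsers", "FileRead",
     r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$", {"firefox.exe"}),
    ("Suspicious use of SetThreadContext", "Api", r"^SetThreadContext$", set()),
]
COMPILED = [(name, op, re.compile(pat, re.IGNORECASE), allow) for name, op, pat, allow in RULES]
CREDENTIAL_STORE_SIGS = {name for name, op, _, _ in RULES if op != "Api"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def match_events(events: List[Dict[str, object]]) -> Dict[int, Dict[str, object]]:
    """Group signature hits per process, ignoring each application reading its own store.

    A process is flagged when it touches two or more distinct credential stores; the
    SetThreadContext signature is recorded alongside as the hollowing indicator.
    """
    hits: Dict[int, Dict[str, object]] = {}
    for ev in events:
        for name, op, rx, allow in COMPILED:
            if ev["op"] != op or not rx.search(str(ev["target"])):
                continue
            if basename(str(ev["image"])) in allow:
                continue  # the owning application reading its own data is expected
            entry = hits.setdefault(int(ev["pid"]), {"image": ev["image"], "sigs": set()})
            entry["sigs"].add(name)
    for entry in hits.values():
        entry["flagged"] = len(entry["sigs"] & CREDENTIAL_STORE_SIGS) >= 2
    return hits


if __name__ == "__main__":
    for pid, entry in match_events(EVENTS).items():
        verdict = "FLAGGED" if entry["flagged"] else "info"
        print(f"{verdict} pid={pid} image={entry['image']}")
        for sig in sorted(entry["sigs"]):
            print(f"    {sig}")
```

The allowlist keys on the image basename only, which a sample can trivially spoof by naming itself chrome.exe; in production, key on the signed image path or the Sysmon hash instead, and keep the threshold at two stores so that a single backup agent reading one profile does not page anyone.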

MITRE ATT&CK Enterprise v15

Tasks