Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Payment Advice.xlsx

windows7-x64

10

Payment Advice.xlsx

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment Advice.xlsx

  • Size

    124KB

  • Sample

    221101-xhbveaecd3

  • MD5

    4f3658e1a1df3b7946ea00ca892229fb

  • SHA1

    8c96438a037300e91cdd8a1845f05df58e0d4217

  • SHA256

    e6504d9b81e18f7d2c98152126b8d5d592a5d630da801218c702a1740181c1ea

  • SHA512

    8a71c7a530365a1c20a9f78f43b7fee2f01c60fe9ef9a5e0e3ad1c73ba9f8d3c47beadc3c68d136b6fa94ca9003dcc8c3eadca76341dfa3006c925b0116edbb9

  • SSDEEP

    3072:zAH/xaU+T70oua+cw5Oj/rNb2uq9YPFZ+oTS1QXRmQ:EH/X+f0585us+l1Qhj

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1900392974:AAEB_yGGlWksNcNC4Dg08OgUSlmDON2w098/sendDocument

Targets

    • Target

      Payment Advice.xlsx

    • Size

      124KB

    • MD5

      4f3658e1a1df3b7946ea00ca892229fb

    • SHA1

      8c96438a037300e91cdd8a1845f05df58e0d4217

    • SHA256

      e6504d9b81e18f7d2c98152126b8d5d592a5d630da801218c702a1740181c1ea

    • SHA512

      8a71c7a530365a1c20a9f78f43b7fee2f01c60fe9ef9a5e0e3ad1c73ba9f8d3c47beadc3c68d136b6fa94ca9003dcc8c3eadca76341dfa3006c925b0116edbb9

    • SSDEEP

      3072:zAH/xaU+T70oua+cw5Oj/rNb2uq9YPFZ+oTS1QXRmQ:EH/X+f0585us+l1Qhj

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks