Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

PO-1607201...AI.exe

windows7-x64

10

PO-1607201...AI.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO-1607201158 --- NAXILAI.zip

  • Size

    552KB

  • Sample

    221217-ngkw9age94

  • MD5

    37984cec28f549af24029cbf8be51873

  • SHA1

    1777aae023c251ab0fa54c4f773ce7f8d8b08057

  • SHA256

    3ddde48f233953cfe9064930012c4ab90d90439291fa093b08ee16c06e6eb966

  • SHA512

    259f7dfdf5651e621607f2d373c29570fc73d5096ec032bd7ce9e87433e6173d838fae2e9db04a8b3120842972323c9710487ef2f89d8ac1446290ed94e21f8f

  • SSDEEP

    12288:6jUGLG9yelqiE7UB5/gAXZ1I6c1u2GHDiy+U6xo1C6Dv:6NgAh7UBNgt92Diy+Uio1L

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @@Marriedj8OQWinbi1

Targets

    • Target

      PO-1607201158 --- NAXILAI.exe

    • Size

      599KB

    • MD5

      344e038bc93ae48700830b37b78beb36

    • SHA1

      d994820625144db20ad0ff08abf3ede71b6232fa

    • SHA256

      747e7e2681dcb1663759b915ce6a656d40954127343aff9fade05be78d3d99df

    • SHA512

      aede41fd50dfb8169f05b6bd8d168d727db52bdfefc9da38f83bea07d6c29a02e2cf7dff1d7e50a39ee7a960eeabc0f3fddb7ee4c5da927cb429f373bda18610

    • SSDEEP

      12288:b5kWP9tuelkielUBb3gsXZ1I6k1Y2kvARw+y6xu:beCC7lUBrgbVzRw+yi

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks