Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

AWB NO. 81...41.exe

windows7-x64

10

AWB NO. 81...41.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AWB NO. 8148557141.exe

  • Size

    792KB

  • Sample

    230207-srwtqacd24

  • MD5

    a169ae631ac877e4e89d595b6ba03600

  • SHA1

    4589dd4afc4a6c9423ddba7442137e5beb502fb0

  • SHA256

    c1add17549206e0ea3e1025ec81ff8d7e5ae994381600ec84d33eeab50ea7232

  • SHA512

    f2a639c226a6e092c664921fcb99dba63ca564e024f0be3b364951c55a842a5767a95c79f7afd1d61400c01c396eb346346e110f18e744613008def4d0e0bcf3

  • SSDEEP

    12288:Nrt0wdeWKBp5gYcjzioNo5IhMbmfEJhJm6I6awHRr/CB06KuLpgbDDlG:NrGV7p55Ki7WhMKfCm6xawxO5dgZ

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/

Targets

    • Target

      AWB NO. 8148557141.exe

    • Size

      792KB

    • MD5

      a169ae631ac877e4e89d595b6ba03600

    • SHA1

      4589dd4afc4a6c9423ddba7442137e5beb502fb0

    • SHA256

      c1add17549206e0ea3e1025ec81ff8d7e5ae994381600ec84d33eeab50ea7232

    • SHA512

      f2a639c226a6e092c664921fcb99dba63ca564e024f0be3b364951c55a842a5767a95c79f7afd1d61400c01c396eb346346e110f18e744613008def4d0e0bcf3

    • SSDEEP

      12288:Nrt0wdeWKBp5gYcjzioNo5IhMbmfEJhJm6I6awHRr/CB06KuLpgbDDlG:NrGV7p55Ki7WhMKfCm6xawxO5dgZ

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks