
General

  • Target

    Kopia platnosci Bank Pekao-6100046554300060012.exe

  • Size

    501KB

  • Sample

    230310-q1nhladh66

  • MD5

    26a08f0f611ff71679873104dbea4d39

  • SHA1

    a76c3a9ac264878f0d715e81820b5edaa3c621a3

  • SHA256

    5b0cb936865587b7d9fa14900e6ba7710d145872b77ac57570b3521c10191cda

  • SHA512

    51bf94b0d41216f02fe776c939561eee028de0bdfa33f2777947ff386e62f8f09363f83efae786124a8539b8b1e9fe2893a37f4d32f2994f5b5602f6f97528f0

  • SSDEEP

    6144:mclAYP4QmP2qYmWCYyB9QSn8qq13w3CpjGDiSzdrnFvsHLZBqJ1Si82EOQis:b3S63u1nFvsHLZi1SiREX

Malware Config

Extracted

Family

agenttesla

Extracted Credentials (SMTP account the sample uses to exfiltrate stolen data)

  • Protocol:
    smtp
  • Host:
    smtp.1und1.de
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    xwwwbm1919

Targets

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT); it typically exfiltrates harvested credentials over SMTP, FTP or HTTP.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain regions).

    • Reads user/profile data of local email clients

      Email clients store account data and saved passwords on disk, which infostealers routinely harvest.

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a step in process hollowing and other code-injection techniques; it is also used legitimately by debuggers, so treat it as a signal rather than a verdict.
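The value of a report like this is the indicators it yields. The following is an added example (my code, not tria.ge's or the malware author's) that turns the extracted SMTP drop configuration and the SetThreadContext signature above into hunt logic and runs it over constructed events. The event dicts, the `MAIL_CLIENT_NAMES` allowlist and the process paths (including the RegAsm.exe host process) are assumptions made up for the demo, not data from the report; only the SHA256, host and port are taken from the page.

```python
# Added example, not code from the tria.ge report: hunt logic built from the
# extracted AgentTesla config and behavioural signatures above.
import re

# Indicators copied from the report above.
SAMPLE_SHA256 = "5b0cb936865587b7d9fa14900e6ba7710d145872b77ac57570b3521c10191cda"
EXFIL_HOST = "smtp.1und1.de"
EXFIL_PORT = 587

# Assumption: processes that legitimately speak SMTP submission from a workstation.
MAIL_CLIENT_NAMES = {"outlook.exe", "thunderbird.exe"}

# Classic process-hollowing order; SetThreadContext is the step the sandbox flagged.
HOLLOWING_STEPS = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def basename(path: str) -> str:
    """Last path component, lower-cased, for both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def classify_connection(ev: dict) -> str:
    """Score one Sysmon-EID-3-style network event against the report's IOCs.

    Returns 'known-sample', 'c2-match', 'suspicious-smtp' or 'benign'.
    """
    if (ev.get("hash_sha256") or "").lower() == SAMPLE_SHA256:
        return "known-sample"          # exact binary from the report
    host = (ev.get("dest_host") or "").lower()
    port = ev.get("dest_port")
    proc = basename(ev.get("image") or "")
    if host == EXFIL_HOST and port == EXFIL_PORT and proc not in MAIL_CLIENT_NAMES:
        return "c2-match"              # same drop mailbox host as the extracted config
    if port in (25, 465, 587) and proc not in MAIL_CLIENT_NAMES:
        return "suspicious-smtp"       # any non-mail process talking SMTP; other stealers trip this too
    return "benign"


def hollowing_sequence(api_calls: list) -> bool:
    """True if the API trace contains HOLLOWING_STEPS in order (other calls may be interleaved)."""
    remaining = list(HOLLOWING_STEPS)
    for api in api_calls:
        if remaining and api == remaining[0]:
            remaining.pop(0)
    return not remaining


# Constructed events (not real telemetry) modelled on Sysmon network-connection records.
EVENTS = [
    {"image": r"C:\Users\u\Downloads\Kopia platnosci Bank Pekao-6100046554300060012.exe",
     "dest_host": "smtp.1und1.de", "dest_port": 587, "hash_sha256": SAMPLE_SHA256},
    {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",   # hypothetical hollowed host
     "dest_host": "smtp.1und1.de", "dest_port": 587, "hash_sha256": "0" * 64},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dest_host": "smtp.1und1.de", "dest_port": 587, "hash_sha256": "1" * 64},
    {"image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "dest_host": "mail.example.net", "dest_port": 25, "hash_sha256": "2" * 64},
]

# Constructed API trace in the style of a sandbox monitor log.
API_TRACE = ["CreateProcess", "NtUnmapViewOfSection", "VirtualAllocEx",
             "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def run_hunt(events=EVENTS, trace=API_TRACE) -> dict:
    """Return verdict per event plus the hollowing flag, for the demo and the tests."""
    return {
        "connections": [classify_connection(e) for e in events],
        "hollowing": hollowing_sequence(trace),
    }


if __name__ == "__main__":
    result = run_hunt()
    for ev, verdict in zip(EVENTS, result["connections"]):
        print(f"{verdict:16} {basename(ev['image'])} -> {ev['dest_host']}:{ev['dest_port']}")
    print("hollowing pattern in API trace:", result["hollowing"])
```

The hash rule catches only this exact binary; the host/port rule survives recompilation of the stealer as long as the operator keeps the same drop mailbox, and the generic SMTP rule catches the next family but needs the allowlist tuned per environment. The hollowing check is a subsequence match, so it tolerates the extra calls a real trace contains, but it will also match a debugger, which is why the page's signature says "suspicious" rather than "malicious".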
