Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Product sa...er.exe

windows7-x64

10

Product sa...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Product samples - new order.exe

  • Size

    579KB

  • Sample

    230503-bdsfpseh9s

  • MD5

    bf3bd006f835d90c757ff98930fcb18e

  • SHA1

    eb32977c884c2de3435218f365c19159a1886d1f

  • SHA256

    b6f722fd8ecb1b6116c8755a385ade64a3155792bf053bfa9d477b4a94eb6132

  • SHA512

    a0b4a79b54e4b5dde9d5514ab1a67b6d07f212ce8288c1e831d067656dd3740f5520a96938f110007eeb66bbd890880e9748ac42c3d807de61d50aceae396749

  • SSDEEP

    12288:1SD3FsdOkvY0NOUMqPoos6h/e4z6sfoxWyv2:i3FshQ0NpQJu/T6sgWX

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6245703396:AAHg_TQ1WtLp1lxzk_kMvpbNJkMGbBCOayI/

Targets

    • Target

      Product samples - new order.exe

    • Size

      579KB

    • MD5

      bf3bd006f835d90c757ff98930fcb18e

    • SHA1

      eb32977c884c2de3435218f365c19159a1886d1f

    • SHA256

      b6f722fd8ecb1b6116c8755a385ade64a3155792bf053bfa9d477b4a94eb6132

    • SHA512

      a0b4a79b54e4b5dde9d5514ab1a67b6d07f212ce8288c1e831d067656dd3740f5520a96938f110007eeb66bbd890880e9748ac42c3d807de61d50aceae396749

    • SSDEEP

      12288:1SD3FsdOkvY0NOUMqPoos6h/e4z6sfoxWyv2:i3FshQ0NpQJu/T6sgWX

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.