General

  • Target

    e0b1800a3e2130e054ccb47449deaf40.bin

  • Size

    605KB

  • Sample

    230527-b9cecsab46

  • MD5

    932439e7f837118b14eea165a61a2e1e

  • SHA1

    050aa0026a0851643df8077ce9b3576c0d8bb808

  • SHA256

    2e53201aa15cf8066ec055513ccb2b0afe19b598cfa9b0823123c0c7dcac43be

  • SHA512

    19d3c59363186722249bb6f8bc02ba1d1dc1fd51d95875f754780916888d8de0f4807abdc9d1a3cbc0e56203c2fd4506d236d1cb3c74baa89821b797e92af673

  • SSDEEP

    12288:Tq6r0aiDhNs9DH8RRfieCZQlLVR6boe921I9cHn0hOak1:O63Yhi9Dc7fipiLfqoe921I9cH0hOak1

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5814058627:AAFjPgERfyp3AZJXAfISMezajcw2VR_A_9U/

Targets

    • Target

      c7057a9a9f625dc07c2d893859df339831330e74a0cfb6b7677bf973f0af279f.exe

    • Size

      671KB

    • MD5

      e0b1800a3e2130e054ccb47449deaf40

    • SHA1

      0607caa0928ba90d7129371dc3c927a4e6738149

    • SHA256

      c7057a9a9f625dc07c2d893859df339831330e74a0cfb6b7677bf973f0af279f

    • SHA512

      e22f7618cc75cb83c38729924c5bdc2bcbad3d35297f08c521d8aa1c006ee65129bc1a49ce2f61e4dc85af263ce94c3bf02387b943d0d5d7095e5143f4ce68de

    • SSDEEP

      12288:P5ymzZBEP85fOqOPwoGzVqgH2qHQVBS1YbS5YILRjSBZVGSjrAArtJiRC:l9BEP8BOqywoGzVqw28QVBSQsHljeCOL

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6