General

  • Target

    b22bfaedfb1e0c435f49909cdb14ff08.exe

  • Size

    762KB

  • Sample

    230602-lbxmrabb6y

  • MD5

    b22bfaedfb1e0c435f49909cdb14ff08

  • SHA1

    12bede9cc86635f520a3fe6b006a4a7dc8858210

  • SHA256

    8e4a644ab5ad02854fef51a8167107c8b5bd4fe503d8bf84fb08dc78fcd9f53b

  • SHA512

    149487ff2758b3ed623cbc7f5c12d34dd1e1ef7be104b822796678ab34225af15d59a63d98cef1a162d9ba974484c2cf3bedba73163d756d04ade0297e0c0fe2

  • SSDEEP

    12288:0XtR7l7xdvo/MdyrhFgtDsuBHsSj5J4+saBGei+LTkNIcYt0MDWBLLr/stiA+OFl:0t9BqmycgiH75BDkNIcRoWxqiA+yo6vb

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      b22bfaedfb1e0c435f49909cdb14ff08.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (most builds are compiled VB.NET or C#), best known for harvesting saved credentials from browsers, email and FTP clients and exfiltrating them over SMTP, FTP or HTTP.

    • Reads data files stored by FTP clients

      Tries to read the configuration files of FTP clients such as FileZilla (for example sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla), which store saved hosts, usernames and passwords.

    • Reads user/profile data of local email clients

      Email clients keep account settings and saved credentials on disk, and infostealers routinely read those files to collect mailbox logins.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser data, which can include saved logins, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Outlook profile settings, including account names and server details, are kept in the registry under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, so reads of that key by a non-Office process are a credential-access indicator.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, typically so the address can be included in the data sent to the operator.

    • Suspicious use of SetThreadContext

      SetThreadContext is rarely needed by ordinary applications; in malware it is usually the process-hollowing step that points a suspended child process's thread at injected code before the thread is resumed.
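
As an added illustration of how behavioural signatures like the ones above are evaluated, the following Python (example code, not tria.ge's own rules and not taken from the sample) runs rules named after those signatures over a constructed, Sysmon-style event stream. The process IDs, file paths, registry key, lookup hostnames and the API-call order for process hollowing are assumptions chosen to match the well-known artefact locations each signature refers to; the event tuples are made up for the example.

```python
"""Triage rules modelled on the report's behavioural signatures.

Added example: SAMPLE_EVENTS is a constructed, Sysmon-style event stream
(pid, event type, detail); it is not output from tria.ge or from the sample.
"""
import re
from collections import defaultdict

# Constructed sample events. Paths, key and hostnames are the well-known
# artefact locations the signatures refer to, not values from the report.
SAMPLE_EVENTS = [
    (4120, "FileRead", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    (4120, "FileRead", r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\x1.default\logins.json"),
    (4120, "FileRead", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "RegRead",  r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    (4120, "DnsQuery", "api.ipify.org"),
    # Classic process-hollowing call order, as an API monitor would log it (assumed).
    (4120, "ApiCall",  "CreateProcessW(dwCreationFlags=CREATE_SUSPENDED)"),
    (4120, "ApiCall",  "WriteProcessMemory"),
    (4120, "ApiCall",  "SetThreadContext"),
    (4120, "ApiCall",  "ResumeThread"),
    # Benign noise from another process: must not trigger anything.
    (512,  "FileRead", r"C:\Users\victim\Documents\notes.txt"),
    (512,  "DnsQuery", "update.example.com"),
]

# Single-event rules keyed by the report's signature names: (event type, regex on detail).
SINGLE_EVENT_RULES = {
    "Reads data files stored by FTP clients":
        ("FileRead", re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)),
    "Reads user/profile data of local email clients":
        ("FileRead", re.compile(r"\\Thunderbird\\Profiles\\", re.I)),
    "Reads user/profile data of web browsers":
        ("FileRead", re.compile(r"\\(Chrome|Edge|Firefox|Opera)\\.*\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
    "Accesses Microsoft Outlook profiles":
        ("RegRead", re.compile(r"^HKCU\\Software\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles\\", re.I)),
    "Looks up external IP address via web service":
        ("DnsQuery", re.compile(r"^(api\.ipify\.org|ipinfo\.io|icanhazip\.com|checkip\.dyndns\.org)$", re.I)),
}

# Ordered API sequence behind "Suspicious use of SetThreadContext": a child is
# created suspended, its image is overwritten, its thread context is redirected
# to the injected code, and only then is the thread resumed.
HOLLOWING_SEQUENCE = ("CREATE_SUSPENDED", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

CREDENTIAL_SIGNATURES = {
    "Reads data files stored by FTP clients",
    "Reads user/profile data of local email clients",
    "Reads user/profile data of web browsers",
    "Accesses Microsoft Outlook profiles",
}


def has_ordered_subsequence(calls, needles):
    """True if every needle appears in calls, in the given order (gaps allowed)."""
    remaining = iter(calls)  # shared iterator: each search resumes where the last one stopped
    return all(any(needle in call for call in remaining) for needle in needles)


def triage(events):
    """Map each pid to the sorted list of signature names its events triggered."""
    hits = defaultdict(set)
    api_calls = defaultdict(list)
    for pid, event_type, detail in events:
        for name, (rule_type, pattern) in SINGLE_EVENT_RULES.items():
            if event_type == rule_type and pattern.search(detail):
                hits[pid].add(name)
        if event_type == "ApiCall":
            api_calls[pid].append(detail)
    for pid, calls in api_calls.items():
        if has_ordered_subsequence(calls, HOLLOWING_SEQUENCE):
            hits[pid].add("Suspicious use of SetThreadContext")
    return {pid: sorted(names) for pid, names in hits.items()}


def verdict(signature_names):
    """Combine hits: several credential stores plus IP lookup or injection reads as a stealer."""
    credential_hits = len(CREDENTIAL_SIGNATURES.intersection(signature_names))
    exfil_or_inject = {"Looks up external IP address via web service",
                       "Suspicious use of SetThreadContext"}.intersection(signature_names)
    if credential_hits >= 2 and exfil_or_inject:
        return "likely infostealer"
    if credential_hits:
        return "credential access, review manually"
    return "no infostealer indicators"


if __name__ == "__main__":
    for pid, names in triage(SAMPLE_EVENTS).items():
        print(pid, verdict(names))
        for name in names:
            print("   ", name)
```

The per-event rules fire on a single read, which is why a sandbox can report them even when the stealer finds nothing to harvest; the SetThreadContext rule deliberately requires the calls in hollowing order, since SetThreadContext on its own also appears in debuggers and some legitimate runtimes.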

MITRE ATT&CK Enterprise v6

Tasks