General

  • Target

    SOA 6680085911.zip

  • Size

    515KB

  • Sample

    230628-k2q28agh25

  • MD5

    6c8df164e3bd5b2881d622f0838ff974

  • SHA1

    274b64cb967196f8d3411bbd3612450a8d1a6ac4

  • SHA256

    ffb4e52f0da5c1e91f6286f5124afad7d02c54f490a966396cf05f760799467b

  • SHA512

    31e13bebee99beb8aa02ffe270cad5ea843d8f904c8e8e13ca7b5ad5471f78b014f6cc62a328b3e54d75742973b1012fbffb8efabafd134a18445efdab58fbd1

  • SSDEEP

    12288:BJZFwtFn5CcLOUz+AQjNyTT9PRnYzVcq2H0:B9wtvCcHQZyT15Hqu0

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SOA 6680085911.exe

    • Size

      693KB

    • MD5

      371bdacde39dede1227b620e61b78ff3

    • SHA1

      abd4c7feb4357c6bc72a18cf36c9e953d398116f

    • SHA256

      b97a932fadd096c350b870e0a0d9865c0c3a0d28f236575509fb349e347c92b4

    • SHA512

      2fad06fd5dc74e6ae8fba69aaf13db43d8bb6215c01f49689bb41159309971a0b1b74749e70ff420b672531d9ac3e481e6e21409d209ad659d36a9aa3823c76e

    • SSDEEP

      12288:zcj65qWT0l9tHn5CTZLOUzAA67m/0iYIj64YP6LCm/M27:Q6H6tZCVF67QBNj6HPAV0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
