General

  • Target

    way_bill_dhl_inv_bl_shipping_1707202300000000000000000000000000.exe

  • Size

    278KB

  • Sample

    230718-hcx35ahe2v

  • MD5

    2f4193ff4326d69ddaef834f0dc2e392

  • SHA1

    f55b54fbae11b6b0b8b780c5f5fad47695f0d0e2

  • SHA256

    f0fa77d698c8090d73a9c8af84fcfd63418bca7997367e410a15958b80c940bf

  • SHA512

    0d30580666fe153bf29e9a02b4964a4d9dfaf866641167f8a9bcd69449e349a6b10d9af31f120680eefe5308884eadbeedb16657439b376829cc772a4a482fdc

  • SSDEEP

    6144:FYa6fQVAyPG9xMy89AiSc/4m00WIhN0Hvr4aKQmkDVz/dmPRJEWzxb:FYsAyP2PaSG00daKnkDVDwPRuy

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5672966801:AAGkdauVLuRijg4BBwGbZ-5sO2ggBTSZUHE/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks