Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

97fd0ea2f2...94.exe

windows7-x64

10

97fd0ea2f2...94.exe

windows10-1703-x64

10

97fd0ea2f2...94.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97fd0ea2f2ebe8dc9decafa546e62a5225feca31893c1e1dd820540d4211a594

  • Size

    701KB

  • Sample

    230824-q6sdqsee3w

  • MD5

    81d1d9cf8554391462923fb0cc59bd99

  • SHA1

    85a80bd672c95adf95a846d9866376b06607c0ef

  • SHA256

    97fd0ea2f2ebe8dc9decafa546e62a5225feca31893c1e1dd820540d4211a594

  • SHA512

    8084b99f3fa4f2a66b4b24d76711c8300db6ffeccc75eaca5f8dc7a379a6055b5bef0f104e32f3b525a8a61ebdd23aac1a012f3e7b594152847e15fbe9987547

  • SSDEEP

    12288:2Iql3qaz3KVcgN72g1g361TEp+N/NpiJna7QMaF/90Qhtz3VU60S9bjGP:6NjuqM72g1gcI0N/WEpS9qzwbj

Score
10/10
agentteslakeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.pingente.pt
  • Port:
    587
  • Username:
    encomendas@pingente.pt
  • Password:
    Pingente#2o21

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.pingente.pt
  • Port:
    587
  • Username:
    encomendas@pingente.pt
  • Password:
    Pingente#2o21
  • Email To:
    jbbs6381@gmail.com

Targets

    • Target

      97fd0ea2f2ebe8dc9decafa546e62a5225feca31893c1e1dd820540d4211a594

    • Size

      701KB

    • MD5

      81d1d9cf8554391462923fb0cc59bd99

    • SHA1

      85a80bd672c95adf95a846d9866376b06607c0ef

    • SHA256

      97fd0ea2f2ebe8dc9decafa546e62a5225feca31893c1e1dd820540d4211a594

    • SHA512

      8084b99f3fa4f2a66b4b24d76711c8300db6ffeccc75eaca5f8dc7a379a6055b5bef0f104e32f3b525a8a61ebdd23aac1a012f3e7b594152847e15fbe9987547

    • SSDEEP

      12288:2Iql3qaz3KVcgN72g1g361TEp+N/NpiJna7QMaF/90Qhtz3VU60S9bjGP:6NjuqM72g1gcI0N/WEpS9qzwbj

    Score
    10/10
    agentteslakeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.