Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

92878cdf67...f2.exe

windows7-x64

10

92878cdf67...f2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    101349630a89cb5a6c81a0581355ec64.bin

  • Size

    618KB

  • Sample

    230924-bc6lyabc7s

  • MD5

    861ed02ae78880609d49e0ab92fd9310

  • SHA1

    52d2ce61cb28f66d32fe8643db9f97766f48aa03

  • SHA256

    c39aa2f78713633633ebab86c5e07c403cf03bb55a846c0e29d39f5b5f3f0811

  • SHA512

    9945d7e50ac4168e124e1169d06d4c2b0c6d12be8ae19f9e5ba4ac6c0c72d8739c4487ef25afb21d2922ecaefcbf50317cc2d56d29ba1827f149c415e1dde6f7

  • SSDEEP

    12288:Opuv7biQf3UIn9GM2eaxHfHZTlFB6vN+dj91dvWqFLRz+d/TUGCHobadz:HVMIn9GBB/5/x/Kd/TFbm

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      92878cdf6771032cedff027921afbec33c57acffc2203f9a03248343dbc7bdf2.exe

    • Size

      1.4MB

    • MD5

      101349630a89cb5a6c81a0581355ec64

    • SHA1

      26ff7d296835f5c7f697214aeac6daae83195b99

    • SHA256

      92878cdf6771032cedff027921afbec33c57acffc2203f9a03248343dbc7bdf2

    • SHA512

      032d6f63d648497b098f727ee8b014142a7d7b1b9bd83cbe6f3680ad31cb0cc8cb543e0595b75d9bb73fbb9f158edf02b4d87651b180ee465cd80aec01fc5135

    • SSDEEP

      24576:Y5lV81KYSysCGKa4ZTnGp3Ip72oY2Jjlr1mrA8C5pofK:ElGKYcyfZja3Ip72oY2JjNX

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks