General

  • Target

    fa693795580f8dcef4e2ba8415d3564a07ac8003bce39cb8d5bcf56c41bfac53

  • Size

    800KB

  • Sample

    231002-me2asagh41

  • MD5

    ac45726f11f6dbf83a7005675ac87415

  • SHA1

    23868b61dd6a8ae2189160a88580070350b6f5b7

  • SHA256

    fa693795580f8dcef4e2ba8415d3564a07ac8003bce39cb8d5bcf56c41bfac53

  • SHA512

    6f6da8fc044c32c9686512005eee20a7902de589e693f4a58fca8b5cea32b488d3a4b3226e0986b58dbfca183a04c6e4fd5aa529de40b905271df2fd04c3d389

  • SSDEEP

    12288:Y2K9lV/9GDJHYiBcTAx6zuGsvo9eJaj1wOVRPx0zaDPlvAyUksOjZwk/CEEFmbM1:Y0pYFeGsvW1Fm6lPxZXIaT6VIM

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6331768257:AAE1Rrc3F4A-nTJkfXEukNBriTate8i72L8/

Targets

    • Target

      CATALOG DESIGN SAMPLE.pdf.exe

    • Size

      893KB

    • MD5

      3bfaae0b4bea0b36968b40a08bdb0d85

    • SHA1

      d967799713af81d2cf41521bc83743527179ed17

    • SHA256

      0df26b825268eef7d7f14c5e4d01b554662033aaff921d055e35dccef79bd536

    • SHA512

      eeebf033b35b4a130d0bbaa300c4ab0b9700368716ef8cb144b2508112a6c15bcf4d7fcacbf7c4ce291aec1bcaeb01a60eb717d5cf3504cc8103134fb3430508

    • SSDEEP

      12288:wgIdCFdSZHZ/vEUsHWihc7Ax6zGGYvo9eHajD2O9RPxMza9PlfAwU0sOjVwAXCE5:XYYSZ5/vWW7WGYvYD7iulDTV5UETmbat

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks