General

  • Target

    OHMS.exe

  • Size

    1.1MB

  • Sample

    231011-yvgf4aac4y

  • MD5

    04ea0da6b921494dd73f396ecfe1de5d

  • SHA1

    bb082c74dd2297472ee4855f5400610358a775ed

  • SHA256

    db5eb79f5123b64dee1703eca26c91c3e4caa69b4515293778962c54eaded05d

  • SHA512

    b853ce633f9f6796419324897ab80bc9236ed4ab8447a5d6d7cdb66ee9f0392207fab57c9ce804e01231fa2e8da7b0a20405b27ba026d985e16d4e71776646df

  • SSDEEP

    24576:lz2Vk+YQNRfO2w9aiXjvxNe0O0w8B63L+q1Kj1:laVNYCG2w8ibe07U3L+q

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    r.heikal@alfursaneq.com
  • Password:
    kOOdr$f8

Family

agenttesla


Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
