General

  • Target

    32462924b1f299b10b84dee93c0ebc876811da42dd74c6fa942c217172a26a3f.exe

  • Size

    860KB

  • Sample

    240212-czl2gsaf37

  • MD5

    c98524cd26805079bf4d149bf3c79fa4

  • SHA1

    4eea9d637f2c24dbcc21970436027a77660a0793

  • SHA256

    32462924b1f299b10b84dee93c0ebc876811da42dd74c6fa942c217172a26a3f

  • SHA512

    3b4a240ff524c8023527a62180208da4f460f4d7185daa24ac61033b02b1a4b7d5a1aa3bfe6241d12134018100e46cd0b5dbc1e7f665f3ac0a7c0554b3c7b413

  • SSDEEP

    24576:WiO9cxBPgcy/IrkvhZz9Lnu4nKyHstOXd:WiOp/KiRsVtmd

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.elektronikkutu.com
  • Port:
    587
  • Username:
    info@elektronikkutu.com
  • Password:
    9U:e3@wpS3:U7h_V
  • Email To:
    smt.treat@yandex.com

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.elektronikkutu.com
  • Port:
    587
  • Username:
    info@elektronikkutu.com
  • Password:
    9U:e3@wpS3:U7h_V

Targets

    • Target

      32462924b1f299b10b84dee93c0ebc876811da42dd74c6fa942c217172a26a3f.exe

    • Size

      860KB

    • MD5

      c98524cd26805079bf4d149bf3c79fa4

    • SHA1

      4eea9d637f2c24dbcc21970436027a77660a0793

    • SHA256

      32462924b1f299b10b84dee93c0ebc876811da42dd74c6fa942c217172a26a3f

    • SHA512

      3b4a240ff524c8023527a62180208da4f460f4d7185daa24ac61033b02b1a4b7d5a1aa3bfe6241d12134018100e46cd0b5dbc1e7f665f3ac0a7c0554b3c7b413

    • SSDEEP

      24576:WiO9cxBPgcy/IrkvhZz9Lnu4nKyHstOXd:WiOp/KiRsVtmd

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients and FTP clients and, as in this sample, exfiltrates them over SMTP.

    • Detects packed .NET executables. Mostly AgentTesla V4.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

    • Detects executables referencing Windows vault credential objects. Observed in infostealers

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers

    • Detects executables referencing many email and collaboration clients. Observed in information stealers

    • Detects executables referencing many file transfer clients. Observed in information stealers

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting a suspended thread's context is the usual final step of process hollowing (RunPE): the loader unmaps a legitimate process image, writes the payload in its place and points the thread's entry point at it.
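The two network behaviours the report ties together are the external IP lookup and the SMTP submission to the extracted exfiltration host. The following is an added example, not part of the Triage report, of correlating those indicators over network logs: the host and port come from the Malware Config above, while the IP-lookup domain list, the log layout and the log lines themselves are constructed for illustration.

```python
"""Correlate this report's indicators against network logs.

Added example, not part of the Triage report. The SMTP host and port come
from the Malware Config; the IP-lookup domain list, the log layout and the
log lines are constructed for illustration.
"""
from dataclasses import dataclass

# Exfiltration channel from the extracted AgentTesla configuration (report data).
EXFIL_HOST = "mail.elektronikkutu.com"
EXFIL_PORT = 587  # SMTP submission

# Assumption: common IP-lookup services; the report only says the sample
# "uses a legitimate IP lookup service".
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}


@dataclass
class Alert:
    line_no: int
    src: str
    rule: str
    severity: str


# Constructed log lines (not from the report), one flow per line:
# ts src dst dport proto query answer   ('-' where a field does not apply).
# Destination addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
1707740001.1 10.0.0.15 10.0.0.2 53 dns api.ipify.org 198.51.100.7
1707740002.4 10.0.0.15 198.51.100.7 80 tcp - -
1707740010.9 10.0.0.15 10.0.0.2 53 dns mail.elektronikkutu.com 203.0.113.10
1707740011.2 10.0.0.15 203.0.113.10 587 tcp - -
1707740020.0 10.0.0.22 10.0.0.2 53 dns www.example.com 203.0.113.80
1707740021.0 10.0.0.22 10.0.0.9 587 tcp - -
"""


def scan(log_text: str, window_s: float = 60.0) -> list[Alert]:
    """Return alerts for DNS and connection lines matching the report's behaviour.

    State carried across lines:
      * resolved_c2: IPs the exfil host resolved to, so a later SMTP
        connection can be tied back to the hostname;
      * last_lookup: per-source timestamp of the most recent IP-lookup query,
        used to raise severity when exfil follows it within window_s.
    """
    alerts: list[Alert] = []
    resolved_c2: set[str] = set()
    last_lookup: dict[str, float] = {}

    for n, line in enumerate(log_text.splitlines(), start=1):
        ts_s, src, dst, dport_s, proto, query, answer = line.split()
        ts, dport = float(ts_s), int(dport_s)

        if proto == "dns":
            if query == EXFIL_HOST:
                alerts.append(Alert(n, src, "dns-agenttesla-exfil-host", "medium"))
                if answer != "-":
                    resolved_c2.add(answer)
            elif query in IP_LOOKUP_DOMAINS:
                # Weak on its own: plenty of legitimate software does this.
                alerts.append(Alert(n, src, "dns-external-ip-lookup", "low"))
                last_lookup[src] = ts
        elif dport == EXFIL_PORT and dst in resolved_c2:
            recent = src in last_lookup and ts - last_lookup[src] <= window_s
            alerts.append(Alert(
                n, src,
                "smtp-to-agenttesla-exfil-host" + ("+recent-ip-lookup" if recent else ""),
                "high" if recent else "medium",
            ))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.src} {a.rule} [{a.severity}]")
```

The IP-lookup hit is deliberately rated low: on its own it fires on plenty of legitimate software. The high-confidence signal is the sequence the report describes, an IP lookup followed shortly by an SMTP submission to an address the exfil host resolved to, which is why the connection rule pivots through the DNS answer rather than matching the hostname string.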
