Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ddc5d1c80b...e6.exe

windows7-x64

10

ddc5d1c80b...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c946c6ece983be6b90130622fcbeb0e1f89052fafb2e609cd258da609cc8e8fd

  • Size

    630KB

  • Sample

    240417-q6l7qaae76

  • MD5

    0bca7593329ce6b529a3b71ae76645e1

  • SHA1

    bcd522f22c70915f219f0742de1e7e6da8efcbc0

  • SHA256

    c946c6ece983be6b90130622fcbeb0e1f89052fafb2e609cd258da609cc8e8fd

  • SHA512

    bdaebab549681adbb746df0ba88c8cec33c450a15294d151ca93dab4f456bc18378647d679c8a703622b052aa0584270b31e31d0f89e60c3a8c3eeda8c59c25f

  • SSDEEP

    12288:xQl5dLpieFN7z4K3kJM9slNe6cZaxdlPqcQlJNcA8Bylng6He:Kp/zHoC9Ue6ckxdlyp5yUgme

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.ipr-co.org
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    IPRco@100102@

Targets

    • Target

      ddc5d1c80b07a16ba4a2d8d289dcfccaa1c2f25a525d96f223be8c8eedf9e9e6.exe

    • Size

      676KB

    • MD5

      458d13e193d1def40ff8862d04ee3839

    • SHA1

      2441106df18080573cd0691f86c254e4e0a6193e

    • SHA256

      ddc5d1c80b07a16ba4a2d8d289dcfccaa1c2f25a525d96f223be8c8eedf9e9e6

    • SHA512

      c72ace9e6a680f087715a1727cf89e4dc5e490b697d238681662a3f0bb0df0a0184ab92c469b6aaa6fb29ba8871eb69620fa98cb3c27cddfb76b20f8a56df0c1

    • SSDEEP

      12288:57jia5WBDPVjYEeDxwq0BbIH+pKgzRltb2WupXMPj1pFSKgBqKTcmYkV+/1PLfWN:BGB7VjYHDxl8b+MKoRrKpXiJpFSKgBqi

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks