Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Veno-Temp.exe

windows7-x64

10

Veno-Temp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Veno-Temp.exe

  • Size

    1.8MB

  • Sample

    240507-sklp6seh88

  • MD5

    4e14e3329bd6098eab74b4f5ab353ed5

  • SHA1

    5f3d08e373832f20f5a2545b30990302fc290e7c

  • SHA256

    9d15506ae270a26ed30b0d43459af0e11ef13d5da5ba826765f8e3634af25c20

  • SHA512

    3932793dfb721c592b54139ff884274b6bd0eec5058ce71f410b68024c15ce276077eec5c74c0f463fa7881099631b050316d4c69af4366cdb95f864cadaa89f

  • SSDEEP

    49152:kO46iPPbh9NSY32G2FITYbNbNWo4kSH3OqtwIrkqXfd+/9A:N4DDNP32bIT4bNJFY3Oqt3kqXf0F

Score
10/10
agentteslaevasionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      Veno-Temp.exe

    • Size

      1.8MB

    • MD5

      4e14e3329bd6098eab74b4f5ab353ed5

    • SHA1

      5f3d08e373832f20f5a2545b30990302fc290e7c

    • SHA256

      9d15506ae270a26ed30b0d43459af0e11ef13d5da5ba826765f8e3634af25c20

    • SHA512

      3932793dfb721c592b54139ff884274b6bd0eec5058ce71f410b68024c15ce276077eec5c74c0f463fa7881099631b050316d4c69af4366cdb95f864cadaa89f

    • SSDEEP

      49152:kO46iPPbh9NSY32G2FITYbNbNWo4kSH3OqtwIrkqXfd+/9A:N4DDNP32bIT4bNJFY3Oqt3kqXf0F

    Score
    10/10
    agentteslaevasionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks