General

  • Target

    MT NAXOS VOY 8 - PDA.pdf.lzh

  • Size

    709KB

  • Sample

    240521-eqd1mahc31

  • MD5

    6d58444ad1bbd477ace587e7f06b91b7

  • SHA1

    0bc66d4c6f62786f4dff74009640dc0ee85e6856

  • SHA256

    6db9f3afd930e69be3a9e93871d34443586de96e3e4f7335ae3a77d441987697

  • SHA512

    f4babc83415d29745e2fadb37ba65bf7aca2410a477eef48cd9eb4bf123c3ece4844ebd93823cbcdf35a52d107ed8472c572e08db0a95a7e342a92374669c7d6

  • SSDEEP

    12288:6fCHoNSbaKAYvR3PDZLv2qt2hEAB2Xkvu97Ymuj3PiMojYuy+etYNjU0f5pxqa4F:6fCHoQbaKtNBJ5Xkvu97/q3qMoMJ+eQQ

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://beirutrest.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    9yXQ39wz(uL+

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    beirutrest.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    9yXQ39wz(uL+

Targets

    • Target

      MT NAXOS VOY 8 - PDA.pdf.scr

    • Size

      744KB

    • MD5

      9e6e2cf548ecf7f6c13e476a0d759366

    • SHA1

      36ba9376dccc7404ba515178e7a456e5f97f00be

    • SHA256

      c047a048b7be9b9516d3df0cc45f3af5b5a2f7a6d21a5f874f822cb2008f8f4e

    • SHA512

      d4bb9d43301d177d0879f29c55e6f4b298ff069859f0dd231a35071426bfc0d04482bfcfef01b22c67c591b918572963d3a506d9ee90d1eb8c97718c7b01cf0d

    • SSDEEP

      12288:azCn6yWn7fcpVZlu/6uHEu5C0dFOmz9ugtsgHz6/v9APU+wKNixuFy/cm:Tn698VVYPOmz9btswgbxKgxuFy/3

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks