Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

97fa9df0ae...7f.exe

windows7-x64

10

97fa9df0ae...7f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97fa9df0ae7536db7c2427ff65ba51db3bbd22ebe957bf406ebe3f4ba4a46f7f.exe

  • Size

    2.0MB

  • Sample

    240524-mk6sfsdg4y

  • MD5

    8f184daf4d3d0fac93db93c798e616ed

  • SHA1

    f8c6c99b7e0572347ed1bee3ddb425e31f6cb643

  • SHA256

    97fa9df0ae7536db7c2427ff65ba51db3bbd22ebe957bf406ebe3f4ba4a46f7f

  • SHA512

    652d87c3ce83e960f3aa0edc2b16d8003b8b8a52d6025afb2818303b2d92ea4d123f3269249b751dff3d421ba46f9460d0d3c48be826808bfe4eaae9be21cd3e

  • SSDEEP

    24576:8ynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52AOXuq01dKqOFFSyF8FaE:9jN3CdJ81nEQhs30eouqsrOFXOaE

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7043330881:AAFq19dRSS-89_wbwEvbuucof5Z3tCHG2NY/

Targets

    • Target

      97fa9df0ae7536db7c2427ff65ba51db3bbd22ebe957bf406ebe3f4ba4a46f7f.exe

    • Size

      2.0MB

    • MD5

      8f184daf4d3d0fac93db93c798e616ed

    • SHA1

      f8c6c99b7e0572347ed1bee3ddb425e31f6cb643

    • SHA256

      97fa9df0ae7536db7c2427ff65ba51db3bbd22ebe957bf406ebe3f4ba4a46f7f

    • SHA512

      652d87c3ce83e960f3aa0edc2b16d8003b8b8a52d6025afb2818303b2d92ea4d123f3269249b751dff3d421ba46f9460d0d3c48be826808bfe4eaae9be21cd3e

    • SSDEEP

      24576:8ynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52AOXuq01dKqOFFSyF8FaE:9jN3CdJ81nEQhs30eouqsrOFXOaE

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks