Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

Shipping D...XX.exe

windows7-x64

10

Shipping D...XX.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipping Documents inv. 523435300XX.exe

  • Size

    1.1MB

  • Sample

    240527-t2hkhsac51

  • MD5

    efae427357884a8d496facd0298f6af8

  • SHA1

    a69384c7d0d889050d55e557b51e97aa8a3554f7

  • SHA256

    b86258bbf5182d3da8292cbff6262a90cef9dd418fd8b6706fde5747662da2ae

  • SHA512

    fa5c041de19a1c812351cad0eb2b040677584969838f37e4e752e9abb85c9db78488f5371015d08e39a33dcbddbc9292f28da23fddea1c5dbfab1ea252ef3a52

  • SSDEEP

    24576:NAHnh+eWsN3skA4RV1Hom2KXMmHazOnIiLQiAQJGyzq925:sh+ZkldoPK8YazOIiLQiRYyzV

Score
10/10
agentteslakeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Shipping Documents inv. 523435300XX.exe

    • Size

      1.1MB

    • MD5

      efae427357884a8d496facd0298f6af8

    • SHA1

      a69384c7d0d889050d55e557b51e97aa8a3554f7

    • SHA256

      b86258bbf5182d3da8292cbff6262a90cef9dd418fd8b6706fde5747662da2ae

    • SHA512

      fa5c041de19a1c812351cad0eb2b040677584969838f37e4e752e9abb85c9db78488f5371015d08e39a33dcbddbc9292f28da23fddea1c5dbfab1ea252ef3a52

    • SSDEEP

      24576:NAHnh+eWsN3skA4RV1Hom2KXMmHazOnIiLQiAQJGyzq925:sh+ZkldoPK8YazOIiLQiRYyzV

    Score
    10/10
    agentteslakeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks