Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

9da27fa5bc...f.xlam

windows7-x64

10

9da27fa5bc...f.xlam

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    51c83b2de8dfe3ab134836d72c8d947f.bin

  • Size

    12KB

  • Sample

    240530-cmsnhaag71

  • MD5

    a73615a15548b3268c8641b75be803c2

  • SHA1

    23fda779a228f8cbb09e9ff3432a7c60074819de

  • SHA256

    45b1d6dff9cc32e46cd01d7c729e7fa42ea39744a7c1835207031da28afb3f00

  • SHA512

    0ea164e477df2fab02f0c5450d3ee9d1c5e460b9645449a02df7453a79891e6fb5d59568bb4517793b1ca19cfe898ffc97cb73e3fa8bce48dd378396d537ddeb

  • SSDEEP

    384:Zgc5ve7yCmlOT4wsp92GUvSeVvHpyTn/iT:GYgy60ncGsSA

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      9da27fa5bc483972d00f0d5075f2a9a284b0b2da7a0a58aaf10b0ec52c23bd1f.xlsx

    • Size

      14KB

    • MD5

      51c83b2de8dfe3ab134836d72c8d947f

    • SHA1

      6a11c63ec9dade329c6e8c446f2c1a685bab76a1

    • SHA256

      9da27fa5bc483972d00f0d5075f2a9a284b0b2da7a0a58aaf10b0ec52c23bd1f

    • SHA512

      bffd2ced369d18c65fd9f902a312bf0de351ddd47a3d7e8cb96b61abc0cc87eb5afd60b7d802432f48f6914cb4c8d2119ec06825a829181736521cec9d2f901d

    • SSDEEP

      192:db2fY4E9dXIZwOfPEvfUOOJuHYfIWfqH5JvN7yQ9eW2UmEGwdcBx3AR4asjjI8Fa:L4EPXIZwO0vsbv6JBNeBUmg+iKaCj5w

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks