Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

db4d614276...57.exe

windows7-x64

10

db4d614276...57.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db4d61427699928cbe5b567a37a0336f42a1faf4771ef21e9e18dd37c86fe157

  • Size

    1.2MB

  • Sample

    240601-b53qradd8z

  • MD5

    ecd70323455d8ffb787c801e96fd9353

  • SHA1

    b7335c77eb0b0603f2cd9206e1709bdb7badac16

  • SHA256

    db4d61427699928cbe5b567a37a0336f42a1faf4771ef21e9e18dd37c86fe157

  • SHA512

    ef55126009f1a31728d3605755af5d8189639239e1043154afc575ec3829dc793bf6e874934b80ecaaf467503b7df57edfabbc82e93f7e28f286f9af61dedc46

  • SSDEEP

    24576:kAHnh+eWsN3skA4RV1Hom2KXMmHan4QaUMaq6AMgHuwGtxwxUC5m5:zh+ZkldoPK8YanfqhMhxCi

Score
10/10
agentteslakeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      db4d61427699928cbe5b567a37a0336f42a1faf4771ef21e9e18dd37c86fe157

    • Size

      1.2MB

    • MD5

      ecd70323455d8ffb787c801e96fd9353

    • SHA1

      b7335c77eb0b0603f2cd9206e1709bdb7badac16

    • SHA256

      db4d61427699928cbe5b567a37a0336f42a1faf4771ef21e9e18dd37c86fe157

    • SHA512

      ef55126009f1a31728d3605755af5d8189639239e1043154afc575ec3829dc793bf6e874934b80ecaaf467503b7df57edfabbc82e93f7e28f286f9af61dedc46

    • SSDEEP

      24576:kAHnh+eWsN3skA4RV1Hom2KXMmHan4QaUMaq6AMgHuwGtxwxUC5m5:zh+ZkldoPK8YanfqhMhxCi

    Score
    10/10
    agentteslakeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks