General

  • Target

    e8ae346ea2979c546ac9e45804c6a6e5c22c8dc106046c24c91c9a63a167283e

  • Size

    341KB

  • Sample

    240705-bw79wa1gjh

  • MD5

    6999ec10578f5faebb2ee27471a9c967

  • SHA1

    7e4e105899cd8f30a3c5e8ef6815c9dbb1581e18

  • SHA256

    e8ae346ea2979c546ac9e45804c6a6e5c22c8dc106046c24c91c9a63a167283e

  • SHA512

    b4ca16c180193a143f95e7e82c7f7ca4f67c3bb71049bb0f8aa18cf75863fc0ae8bbe0decbef77db44b64bb46a4b2a3f5ffa0d112a7fb679042a166dbe2da999

  • SSDEEP

    3072:ApHzGkko4HmJo5LfN3OFI8ryG3Hr9ilNMz1grh/6qvUVEw3gSWo8siofh/:ApHVceI8OG7jxEvU9Qt1s

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6401060771:AAF8rHCQk-o-9VI7BrWiQ98NUEGXRg9k85o/

Targets

    • Target

      e8ae346ea2979c546ac9e45804c6a6e5c22c8dc106046c24c91c9a63a167283e

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks