Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8.bat
-
Size
1.4MB
-
Sample
240821-nka68azarq
-
MD5
70b340ae3989a38ceb1545ede320f991
-
SHA1
cb35aa2ea5282c6d3f051400466705058890a424
-
SHA256
ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8
-
SHA512
06c2ad0da9b0bb9c316170c65d0b54a8b0b69ff6c574eb62cb56e0b41b18c12c9d1b7f3eeb0279932e9c44201874f0d76b9d8cc889701578f7e6d1ef4af032c7
-
SSDEEP
24576:WYAnya111NrQcqRpa01Y31TGLN051hed0ELLtk1Koe78TYqE:WjyAwc1aLNch8HLG11dY
Static task
static1
Behavioral task
behavioral1
Sample
ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8.bat
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8.bat
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.keeptraveling-eg.com - Port:
587 - Username:
[email protected] - Password:
Do76#Zbbdonia - Email To:
[email protected]
Targets
-
-
Target
ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8.bat
-
Size
1.4MB
-
MD5
70b340ae3989a38ceb1545ede320f991
-
SHA1
cb35aa2ea5282c6d3f051400466705058890a424
-
SHA256
ed9a1adaafad955e9274c784331db4acc0011031f83fbea872e95550cda00bb8
-
SHA512
06c2ad0da9b0bb9c316170c65d0b54a8b0b69ff6c574eb62cb56e0b41b18c12c9d1b7f3eeb0279932e9c44201874f0d76b9d8cc889701578f7e6d1ef4af032c7
-
SSDEEP
24576:WYAnya111NrQcqRpa01Y31TGLN051hed0ELLtk1Koe78TYqE:WjyAwc1aLNch8HLG11dY
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1