Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Zara+Perm-Cracked.rar
-
Size
1.1MB
-
Sample
240909-n8qltawhql
-
MD5
35650186e819c9d989962232dac3f1c0
-
SHA1
fd3f35ae36ad648dba0310ce9fbdcfe47b11790a
-
SHA256
08bfa123a60129592b815a499f6df0bf213d5653928cbe2ffe888e29e89b26ff
-
SHA512
22e4d1745df1839ffac0dfb8fac087c73828719e0a794dd364e90a7e48e7b92ce2664d1d5000d9f2825a7db8ce81c96b4d8cbf2065de9bb073e64b5b6211c449
-
SSDEEP
24576:baSfP+wLqs2WM7tioix6LDigmGOzDrHzUYvlksRWGgSp2HFFSZO9rhRgcw:bbX+wLD2lKmxm/zDrTUwjzNpyFT9rrS
Malware Config
Targets
-
-
Target
Zara+Perm-Cracked.rar
-
Size
1.1MB
-
MD5
35650186e819c9d989962232dac3f1c0
-
SHA1
fd3f35ae36ad648dba0310ce9fbdcfe47b11790a
-
SHA256
08bfa123a60129592b815a499f6df0bf213d5653928cbe2ffe888e29e89b26ff
-
SHA512
22e4d1745df1839ffac0dfb8fac087c73828719e0a794dd364e90a7e48e7b92ce2664d1d5000d9f2825a7db8ce81c96b4d8cbf2065de9bb073e64b5b6211c449
-
SSDEEP
24576:baSfP+wLqs2WM7tioix6LDigmGOzDrHzUYvlksRWGgSp2HFFSZO9rhRgcw:bbX+wLD2lKmxm/zDrTUwjzNpyFT9rrS
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Downloads MZ/PE file
-
Sets service image path in registry
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1