Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

bf195309d3...7c.exe

windows7-x64

10

bf195309d3...7c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf195309d315f72cba80c7edd344a27d4950a7e54d883c4b9546bb69b870107c

  • Size

    637KB

  • Sample

    241213-bgqfhsvphn

  • MD5

    5888e0f00806e549fa181e11614b29b6

  • SHA1

    c71c74911cb2d2ab8a535be7697c7f02336d67d1

  • SHA256

    bf195309d315f72cba80c7edd344a27d4950a7e54d883c4b9546bb69b870107c

  • SHA512

    287a004cd34e505705970bc161c9eee67ebe6e1213708c3b64cb6c95f610e599f6b76b4aa1b6d5bbeaf834410cfebc0d208395c8027ca732c37c24a5970e2263

  • SSDEEP

    12288:oAn15OllT6k2neIurJxvBWN8LZwOItwFgaDEk/J0Z2s+5eCtqyt/RxyRbi0x74:vIiDudxv4NEZHjdaZ2s+RPpxyRbi0t4

Score
10/10
agenttesladiscoveryevasionexecutionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7238823286:AAHUVsvFbx3L7yfxJB-f5BMs6WFzLbndzzw/

Targets

    • Target

      bf195309d315f72cba80c7edd344a27d4950a7e54d883c4b9546bb69b870107c

    • Size

      637KB

    • MD5

      5888e0f00806e549fa181e11614b29b6

    • SHA1

      c71c74911cb2d2ab8a535be7697c7f02336d67d1

    • SHA256

      bf195309d315f72cba80c7edd344a27d4950a7e54d883c4b9546bb69b870107c

    • SHA512

      287a004cd34e505705970bc161c9eee67ebe6e1213708c3b64cb6c95f610e599f6b76b4aa1b6d5bbeaf834410cfebc0d208395c8027ca732c37c24a5970e2263

    • SSDEEP

      12288:oAn15OllT6k2neIurJxvBWN8LZwOItwFgaDEk/J0Z2s+5eCtqyt/RxyRbi0x74:vIiDudxv4NEZHjdaZ2s+RPpxyRbi0t4

    Score
    10/10
    agenttesladiscoveryevasionexecutionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks