Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
61489fb28f59a778c7ac16f4d88c766cffffe2a153b8202115e6744e32e7641b
-
Size
783KB
-
Sample
241213-bj9l6stmgt
-
MD5
220919d8e8a31db31e4efc371cae82a4
-
SHA1
a87310ef3549cd609dc429a63bf45fde14ef4746
-
SHA256
61489fb28f59a778c7ac16f4d88c766cffffe2a153b8202115e6744e32e7641b
-
SHA512
3d60ab0f4f3101c0641da5a9a74fedd7bfd3b098d7feea5bbf2dc36eb11db321ea8bcd35c73dcdb602f0c46eea9183007ee5dd6582e77a4e293ffe712101f2df
-
SSDEEP
24576:PjlIhSPd+p2O4qCfOVY5zL245CeYcaGqE7nReX:Pjl+SPspd45WVaSQzTacwX
Static task
static1
Behavioral task
behavioral1
Sample
61489fb28f59a778c7ac16f4d88c766cffffe2a153b8202115e6744e32e7641b.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
61489fb28f59a778c7ac16f4d88c766cffffe2a153b8202115e6744e32e7641b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6050556352:AAE_-mublQ2CllMbT9xkQVBjSBbdvdYR1kM/
Targets
-
-
Target
61489fb28f59a778c7ac16f4d88c766cffffe2a153b8202115e6744e32e7641b
-
Size
783KB
-
MD5
220919d8e8a31db31e4efc371cae82a4
-
SHA1
a87310ef3549cd609dc429a63bf45fde14ef4746
-
SHA256
61489fb28f59a778c7ac16f4d88c766cffffe2a153b8202115e6744e32e7641b
-
SHA512
3d60ab0f4f3101c0641da5a9a74fedd7bfd3b098d7feea5bbf2dc36eb11db321ea8bcd35c73dcdb602f0c46eea9183007ee5dd6582e77a4e293ffe712101f2df
-
SSDEEP
24576:PjlIhSPd+p2O4qCfOVY5zL245CeYcaGqE7nReX:Pjl+SPspd45WVaSQzTacwX
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1