ateraagent | 9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9219d0815a...78.msi

windows7-x64

9219d0815a...78.msi

windows10-2004-x64

Sharing

General

Target

9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78.msi
Size

2.9MB
Sample

250125-de6qtstmbp
MD5

7c2346e58afd0cc0337fc935cd41d9c4
SHA1

32189bee035e465d2df8bb15c5d168f8eff6f187
SHA256

9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78
SHA512

b7267d28ec63ce3b3a2bd247094bf1a4cc8891549a4d43f8875ba1e37f97f3a1a6bddcbc8f9be009fc12a3836dd9d759394ec5a38ef87c8425990d42ce3cb9e2
SSDEEP

49152:M+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:M+lUlz9FKbsodq0YaH7ZPxMb8tT

Score

10^/10

ateraagent discovery execution persistence privilege_escalation rat upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78.msi

Resource

win7-20241010-en

ateraagent discovery persistence privilege_escalation rat

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78.msi

Resource

win10v2004-20241007-en

ateraagent discovery execution persistence privilege_escalation rat upx

windows10-2004-x64

33 signatures

150 seconds

Malware Config

Targets

- Target
  
  9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78.msi
- Size
  
  2.9MB
- MD5
  
  7c2346e58afd0cc0337fc935cd41d9c4
- SHA1
  
  32189bee035e465d2df8bb15c5d168f8eff6f187
- SHA256
  
  9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78
- SHA512
  
  b7267d28ec63ce3b3a2bd247094bf1a4cc8891549a4d43f8875ba1e37f97f3a1a6bddcbc8f9be009fc12a3836dd9d759394ec5a38ef87c8425990d42ce3cb9e2
- SSDEEP
  
  49152:M+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:M+lUlz9FKbsodq0YaH7ZPxMb8tT
Score

10^/10

ateraagent discovery persistence privilege_escalation rat execution upx
- AteraAgent
  AteraAgent is a remote monitoring and management tool.
  rat ateraagent
- Ateraagent family
  ateraagent
- Detects AteraAgent
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Component Object Model Hijacking

Installer Packages

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Installer Packages

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ateraagentdiscoverypersistenceprivilege_escalationrat

behavioral2

ateraagentdiscoveryexecutionpersistenceprivilege_escalationratupx

© 2018-2025

Terms | Privacy