ateraagent | d86cd0522385c94d127a8a687fcde9bbfe2f025d061b050458b03a75e908a97a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

SEFAZ-Sync.msi

windows7-x64

SEFAZ-Sync.msi

windows10-2004-x64

Sharing

General

Target

SEFAZ-Sync.msi
Size

2.9MB
Sample

250211-mb1vvatpcy
MD5

9a70f71e961db28a61f88b5a401cc6b9
SHA1

afc84d322954f1c543a24f354885a2a9938a9118
SHA256

d86cd0522385c94d127a8a687fcde9bbfe2f025d061b050458b03a75e908a97a
SHA512

b9747e78e6b03631093ac57a3bd6a7c8ab1f2ee724589db1fd9e282ef5f3be81e0499652977567f815bcf26d1f3fa3470e7b59890986ced94043b8c0d37da209
SSDEEP

49152:++1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:++lUlz9FKbsodq0YaH7ZPxMb8tT

Score

10^/10

ateraagent discovery persistence privilege_escalation rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

SEFAZ-Sync.msi

Resource

win7-20240729-en

ateraagent discovery persistence privilege_escalation rat

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

SEFAZ-Sync.msi

Resource

win10v2004-20250207-en

ateraagent discovery persistence privilege_escalation rat

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  SEFAZ-Sync.msi
- Size
  
  2.9MB
- MD5
  
  9a70f71e961db28a61f88b5a401cc6b9
- SHA1
  
  afc84d322954f1c543a24f354885a2a9938a9118
- SHA256
  
  d86cd0522385c94d127a8a687fcde9bbfe2f025d061b050458b03a75e908a97a
- SHA512
  
  b9747e78e6b03631093ac57a3bd6a7c8ab1f2ee724589db1fd9e282ef5f3be81e0499652977567f815bcf26d1f3fa3470e7b59890986ced94043b8c0d37da209
- SSDEEP
  
  49152:++1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:++lUlz9FKbsodq0YaH7ZPxMb8tT
Score

10^/10

ateraagent discovery persistence privilege_escalation rat
- AteraAgent
  AteraAgent is a remote monitoring and management tool.
  rat ateraagent
- Ateraagent family
  ateraagent
- Detects AteraAgent
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ateraagentdiscoverypersistenceprivilege_escalationrat

behavioral2

ateraagentdiscoverypersistenceprivilege_escalationrat

© 2018-2025

Terms | Privacy