ateraagent | 5a074d3c7736cbc9ccae728e7dca9d14366c3943b686d62f435bba893283c5c8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Security_P...ed.msi

windows7-x64

Security_P...ed.msi

windows10-2004-x64

Sharing

General

Target

21729502126.zip
Size

2.6MB
Sample

250313-k9d3matkw7
MD5

c47c52a51f16b02d8666e1489f92d854
SHA1

16c2c76826224c56ac89dbab9426736cb4a1bcd9
SHA256

5a074d3c7736cbc9ccae728e7dca9d14366c3943b686d62f435bba893283c5c8
SHA512

bb4648210c607ef61123ece7371284b4bd3f2ee11ec8fdccfbe2b2adc73aeb4be936fd47750f6134123998d372fc595c2183356a40c6b6e3248ed0c1c7532156
SSDEEP

49152:SRJyxaX7BuH45mtX77F09kMRFuie1hIaE7aAou7zu0AmHNJu8c7W3DLsR:SbyxaX7BuH4Q7J0rR49hIaU1zJVNY57P

Score

10^/10

ateraagent discovery persistence privilege_escalation rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Security_Procedures_Updated.msi

Resource

win7-20240903-en

ateraagent discovery persistence privilege_escalation rat

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

Security_Procedures_Updated.msi

Resource

win10v2004-20250217-en

ateraagent discovery persistence privilege_escalation rat

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  Security_Procedures_Updated.msi
- Size
  
  2.9MB
- MD5
  
  352a76e3d2029f2210c603e280f2ffdd
- SHA1
  
  8b6fe96636bf90e82e92fa7293b9ec03f0c70084
- SHA256
  
  3b087726ebf6de197e6c677407d360171cbb975d7fabaab2825aa2a7266767bd
- SHA512
  
  2d253ec7480bec43f05210b4c42b4d14538fb812a9b5459adbbd87b79f80d0f5de292c6204facc4219a34cafd58ef7ba213af2b6fbcac8f01623e3a6dc857d8f
- SSDEEP
  
  49152:G+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:G+lUlz9FKbsodq0YaH7ZPxMb8tT
Score

10^/10

ateraagent discovery persistence privilege_escalation rat
- AteraAgent
  AteraAgent is a remote monitoring and management tool.
  rat ateraagent
- Ateraagent family
  ateraagent
- Detects AteraAgent
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ateraagentdiscoverypersistenceprivilege_escalationrat

behavioral2

ateraagentdiscoverypersistenceprivilege_escalationrat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.