Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
reefpq.exe
-
Size
120KB
-
Sample
220927-bhklnaddej
-
MD5
2ebb8bd7be7187f911ce264c3f572f27
-
SHA1
73c1b0561c7cbbd88cd796b181a99a411e7b7187
-
SHA256
cf23992cf7f5c21c94e6ee8a8fcc4f6b5f086924811e874f5d6ba13f5b845f1a
-
SHA512
9c5216716367619fd2e8492b2ce63f117493ab6f4190d377e1da7adb992c1180be7d5795af7bed80313ba28d11e4211d9ef70bb31246dfa2d1f1a571345a3b45
-
SSDEEP
3072:JDxaVzwmg4CSW8JSulArbSBAlmhP+JbZZX4EOTUAuXjT65AAJnHPSB:5Mm4CCgSBAlmt+l5AuXjT659Hm
Malware Config
Extracted
Protocol: ftp- Host:
ftp.womens-healthcare.co.uk - Port:
21 - Username:
[email protected] - Password:
njQGrywUXJ6I
Targets
-
-
Target
reefpq.exe
-
Size
120KB
-
MD5
2ebb8bd7be7187f911ce264c3f572f27
-
SHA1
73c1b0561c7cbbd88cd796b181a99a411e7b7187
-
SHA256
cf23992cf7f5c21c94e6ee8a8fcc4f6b5f086924811e874f5d6ba13f5b845f1a
-
SHA512
9c5216716367619fd2e8492b2ce63f117493ab6f4190d377e1da7adb992c1180be7d5795af7bed80313ba28d11e4211d9ef70bb31246dfa2d1f1a571345a3b45
-
SSDEEP
3072:JDxaVzwmg4CSW8JSulArbSBAlmhP+JbZZX4EOTUAuXjT65AAJnHPSB:5Mm4CCgSBAlmt+l5AuXjT659Hm
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-