General

  • Target

    rBrancheforeningers123.exe

  • Size

    377KB

  • Sample

    230321-p9r2pscd4v

  • MD5

    f63809d17e11d6e0d719d44a2ef45ca0

  • SHA1

    58a52ad6005886660cf54c7abbc21b7b31371894

  • SHA256

    d209b6fe66d2f2c856a3f56d6386a1963381a681c2cde6367840a24d717427e5

  • SHA512

    c18204e5fb2e13665e76f42c105cbaeffbfe10d54e59ec90a3c416d76f192d54b80a05d35d973f3afa15f4c43f1b7d82587f0134d992630548caf70d5328cc1b

  • SSDEEP

    6144:sspNjlsvCnvxZGVGGMrYfXcHQJsOjGXve0i489/8zvZKcrAc2uxMK7S+2vhv+k12:scBwJsON+zHrAzfK4hGko9HJSU

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.copychamo.com
  • Port:
    587
  • Username:
    moncada@copychamo.com
  • Password:
    Iu!&}hG}8u#3
  • Email To:
    grupohugovalero@gmail.com

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
