Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Neworder73064105.exe

windows7-x64

10

Neworder73064105.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Neworder73064105.exe.bin

  • Size

    543KB

  • Sample

    230505-znmj7seb57

  • MD5

    ff62b63abc1bb78ee16acfbad6333416

  • SHA1

    339a0e14ff252eb6bddd43c7f5e0d1b9680d37b6

  • SHA256

    978d65c4620865b35c4ff0aea3c6c0bf6774494b84113210d314c9edf48a6a54

  • SHA512

    554a730bc7256b5d1ccfd98ec61252d459446e384c5bf386c5a967fa3025ce6fc468b23947f12417ce02bdaf18ba7d3bb966df3ad1da4b3274870423d40fedba

  • SSDEEP

    12288:6qdT/Iz0OjryXSIeNKhgOb1+AQRPVHfP+p9PJeVXm:VPXJeCg05QPV/G5eVX

Score
10/10
agentteslaredlinecollectioninfostealerkeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Neworder73064105.exe.bin

    • Size

      543KB

    • MD5

      ff62b63abc1bb78ee16acfbad6333416

    • SHA1

      339a0e14ff252eb6bddd43c7f5e0d1b9680d37b6

    • SHA256

      978d65c4620865b35c4ff0aea3c6c0bf6774494b84113210d314c9edf48a6a54

    • SHA512

      554a730bc7256b5d1ccfd98ec61252d459446e384c5bf386c5a967fa3025ce6fc468b23947f12417ce02bdaf18ba7d3bb966df3ad1da4b3274870423d40fedba

    • SSDEEP

      12288:6qdT/Iz0OjryXSIeNKhgOb1+AQRPVHfP+p9PJeVXm:VPXJeCg05QPV/G5eVX

    Score
    10/10
    agentteslacollectionkeyloggerpersistencespywarestealertrojanredlineinfostealer

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks