General
Target: StubBuilder.rar
Size: 9.8MB
Sample: 230820-wgbmksad5s
MD5: ecaf886156ca26b4c09503d65b3adb08
SHA1: 8fcdaba4c79e3d74ea9774062fd2f3815bc827bd
SHA256: caba108ecd1e8601819b9863c8f790b8f93f00d607e0d5a2089bb8148905128f
SHA512: 22929d4f0ddf992cf2c7471f80e0c4dc71f6175898318d494538c27713a8a11fec680186574f6c1cffba01042a096aac659f140375565825fdcf15b23f49a962
SSDEEP: 196608:Ta/QbujucsqRVaPGo9onqOM5dJ7giry3Z6KbDzGrdIMZILmhN0U58:N8ucsqRe2qOG7Zrba6zZUSny
Behavioral task: behavioral1
Sample: StubBuilder/Guna.UI2.dll
Resource: win10v2004-20230703-en

Behavioral task: behavioral2
Sample: StubBuilder/StubBuilder.exe
Resource: win10v2004-20230703-en
Malware Config

Targets

Target: StubBuilder/Guna.UI2.dll
Size: 2.2MB
MD5: 934c47fe3a9a700c9bd7256918ea2a55
SHA1: 5b4ab5482adbe76e4ad27c4a3d6f1e24e2d1082e
SHA256: 93875f9056684dad7f345ad63a9d9fbad8fe3c83ae9bd82f618a1e1cb5f1e8a6
SHA512: 9186860bcba7dabc22812c42c4ac941930a561cba3e2dd54b6234dd068786f690302241e42a747d2cf102b1fcd325126c3b6f9174cb21702c6951847ac318ec1
SSDEEP: 24576:7YiAs/rXPAYkqjW7CedtntpzuVHt7hyFpASvvD9oA3cPPEMvDbEU+rHQ/jza:7Yk/rtujLYVN701mA3v
Score: 1/10
Target: StubBuilder/StubBuilder.exe
Size: 44KB
MD5: b3dd3992c85fd1cfc877a236b97d3a3a
SHA1: e3f52a75340f82c4e8f9ac47cb2209ae8f76a84a
SHA256: fde4fdd98d9e67bd412738f5b41e79d15c3e1f4bc861662c669e6f30569a2962
SHA512: e172e9cb3480e5b9fff939b69f7c26953ee6e39dc77c552f3a9638b9d462dc98a1a0872c3c888d52bb09d24c247b4285bacde7b331d0cf6805e8253e64b9361e
SSDEEP: 768:s+s3XohtlvF5dF7VM9qBhAmmC1+yr66fIVbcjw:zsHohv7VMUBQByWCw
Score: 10/10
- AgentTesla
  Agent Tesla is a .NET-based remote access trojan (RAT) and information stealer, typically written in Visual Basic .NET.
- AgentTesla payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: StubBuilder/StubBuilderHelper.exe
Size: 9.2MB
MD5: 1a1e9ea16aeec7ece068d0324d40da00
SHA1: 9e33dae3fdc90ad356de23000566a97284c43b72
SHA256: 42d82da1f1cce098fa96a1b97c83e0044530b10d76b1543587bee724ec62923c
SHA512: d71932b4d669f056f1b7eae4140115871ec11515f056e4b48eecafa7c41f8df756cd3e056f963ddb15e6d0fe189915135291630e3d734d90a942a900e594fd84
SSDEEP: 196608:/cdzUjpRRofdQmR5dA6lsuErSEEJwzeiOF6OVsmYPuksBq:8oVRRqdQ2ls+9JqelOmz
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
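Two of the signatures above, "Loads dropped DLL" (raised for both StubBuilder.exe and StubBuilderHelper.exe) and "Looks up external IP address via web service", can be reproduced from a process trace. The following is an added example, not Triage's own detection logic and not code from the report: it replays a constructed JSON-lines trace and flags (a) a DLL loaded from a path that a file-create event wrote earlier in the same run and (b) DNS or HTTP activity to a public external-IP service. The event schema, PIDs, the WinRAR extraction step and the list of IP-lookup hosts are assumptions made for the example; only the file names come from the report.

```python
"""Replay a constructed sandbox trace and flag two report signatures:
a dropped DLL being loaded, and an external-IP lookup over DNS/HTTP.

Added example, not Triage's signature code. Event schema, PIDs and
the host list are assumptions; only the file names come from the report.
"""
import json
from urllib.parse import urlsplit

# Assumed list of public "what is my IP" services. Triage's own list is not
# reproduced on the report page, so this set is illustrative only.
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "checkip.dyndns.org",
    "checkip.amazonaws.com",
    "icanhazip.com",
    "ifconfig.me",
    "ip-api.com",
    "ipinfo.io",
    "api.ip.sb",
    "ident.me",
}

# Constructed JSON-lines trace, one event per line (field names invented here).
# Events 1-2: archive extraction writes the files. Event 4: the case-mangled
# path exercises the case-insensitive match. Events 7-8: benign noise.
SAMPLE_TRACE = r"""
{"seq": 1, "event": "file_create", "pid": 4120, "image": "C:\\Program Files\\WinRAR\\WinRAR.exe", "path": "C:\\Users\\Admin\\Desktop\\StubBuilder\\Guna.UI2.dll"}
{"seq": 2, "event": "file_create", "pid": 4120, "image": "C:\\Program Files\\WinRAR\\WinRAR.exe", "path": "C:\\Users\\Admin\\Desktop\\StubBuilder\\StubBuilder.exe"}
{"seq": 3, "event": "image_load", "pid": 5204, "image": "C:\\Users\\Admin\\Desktop\\StubBuilder\\StubBuilder.exe", "path": "C:\\Windows\\System32\\kernel32.dll"}
{"seq": 4, "event": "image_load", "pid": 5204, "image": "C:\\Users\\Admin\\Desktop\\StubBuilder\\StubBuilder.exe", "path": "c:\\users\\admin\\desktop\\stubbuilder\\GUNA.UI2.DLL"}
{"seq": 5, "event": "dns_query", "pid": 5204, "image": "C:\\Users\\Admin\\Desktop\\StubBuilder\\StubBuilder.exe", "query": "api.ipify.org."}
{"seq": 6, "event": "http_request", "pid": 5204, "image": "C:\\Users\\Admin\\Desktop\\StubBuilder\\StubBuilder.exe", "url": "http://api.ipify.org/?format=text"}
{"seq": 7, "event": "dns_query", "pid": 1088, "image": "C:\\Windows\\System32\\svchost.exe", "query": "ctldl.windowsupdate.com"}
{"seq": 8, "event": "http_request", "pid": 1088, "image": "C:\\Windows\\System32\\svchost.exe", "url": "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"}
"""


def _norm_path(path):
    # Windows paths are case-insensitive, so "GUNA.UI2.DLL" must match "Guna.UI2.dll".
    return path.replace("/", "\\").lower()


def _host_of(event):
    # Extract the contacted host from either a DNS query or an HTTP request event.
    if event["event"] == "dns_query":
        return event["query"].lower().rstrip(".")  # strip the FQDN trailing dot
    if event["event"] == "http_request":
        return (urlsplit(event["url"]).hostname or "").lower()
    return None


def _is_ip_lookup(host):
    # Match the service host itself or any subdomain of it, never a suffix
    # inside another label (so "notipify.org" does not match "ipify.org").
    return any(host == h or host.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def analyse(trace_text):
    """Return {"dropped_dll": [...], "external_ip_lookup": [...]}, one dict per finding."""
    created = {}  # normalised path -> seq of the file_create that wrote it
    findings = {"dropped_dll": [], "external_ip_lookup": []}
    for line in trace_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        kind = ev["event"]
        if kind == "file_create":
            created.setdefault(_norm_path(ev["path"]), ev["seq"])
        elif kind == "image_load":
            p = _norm_path(ev["path"])
            # "Dropped" here means written earlier in this run, by any process.
            if p.endswith(".dll") and p in created and created[p] < ev["seq"]:
                findings["dropped_dll"].append({
                    "seq": ev["seq"], "pid": ev["pid"], "image": ev["image"],
                    "dll": ev["path"], "created_seq": created[p],
                })
        else:
            host = _host_of(ev)
            if host and _is_ip_lookup(host):
                findings["external_ip_lookup"].append({
                    "seq": ev["seq"], "pid": ev["pid"], "image": ev["image"],
                    "host": host, "via": kind,
                })
    return findings


if __name__ == "__main__":
    print(json.dumps(analyse(SAMPLE_TRACE), indent=2))
```

Running it prints one dropped-DLL finding (Guna.UI2.dll written at seq 1, loaded by PID 5204 at seq 4) and two external-IP findings for the same PID, one from the DNS query and one from the HTTP request, while the svchost.exe Windows Update traffic is ignored. The host match is deliberately label-anchored; a plain substring test would also fire on unrelated domains that merely end in a listed name.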