Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Anti Malware VS Malware Document.zip
-
Size
118.1MB
-
Sample
231028-vln8sscd9w
-
MD5
10381c0010548265a31da2da6f1611a3
-
SHA1
3f188fdca7ce79f014b3efa00b1707fb60664e72
-
SHA256
8f736d24115f70ad18ed620ec8c29efc805ea00e2ac72bb1e9078186488fa059
-
SHA512
30925324113e0bc692d38c44196b5fa78c1bdff449d361a011ab5f86ee09299071769691da1200a750a55e182e432907a58ada4c36de83ad60e6e2f2aead5445
-
SSDEEP
3145728:WcNV0c+BBchhJJnsNmDuzn2dOYIwWDB0tg:WcNqcAuD3gTY6wlg
Static task
static1
Malware Config
Extracted
Protocol: ftp- Host:
thedress.pk - Port:
21 - Username:
[email protected] - Password:
texas1234567890
Extracted
Protocol: ftp- Host:
valvulasthermovalve.cl - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Extracted
smokeloader
pub1
Extracted
loaderbot
http://185.236.76.77/cmd.php
Extracted
formbook
4.1
t6tg
dwolfgang.com
changeandcourse.com
sonexhospitallimited.com
izeera.com
7m9.lat
fem-studio.com
santocielostore.com
0xinxg7e50de2n7q2z.site
ssongg13026.cfd
promushealth.com
g7bety.com
molinoelvinculo.com
smallthingteamwork.world
zewagripro.shop
adam-automatik.com
raquelaranibar.com
aigeniusink.com
maddirazoki.com
nextino.app
verbenashungary.com
ocoala.com
tugerdi.site
sitaramhanuman.com
gisel88.buzz
aspiredstudio.com
muthu99.xyz
domumix.com
new-minerals.com
iuhew1.cfd
synchronicityholistic.online
cymatikcode.store
myundine.com
jys639.com
commandintelhub.xyz
tt295.net
uduxdesk.xyz
ficylkghv.com
zeropointenergyhvac.com
speducationtraining.com
oogqhhpzif.com
lobby138.monster
gnowa.shop
hcoarrih.com
abstractcertify.com
bulletproofaf.com
akashaowen.com
shoprelum.com
optibioenergy.com
find-hire.com
xiausu.com
abodecomm.com
ceresagridrone.com
verificardsa.com
verdantviewsinvesting.com
517912.com
tailboost.xyz
furnituresaled.com
cysh100th.com
drtber.com
ep0i.com
fallcraftcruise.com
personalinjurylaw24.com
not-ai.design
uzmayaqoob.com
ascend-help.tech
Extracted
agenttesla
Protocol: smtp- Host:
mail.greentnd.com - Port:
587 - Username:
[email protected] - Password:
xAu^5p6BT2vcelhn - Email To:
[email protected]
Targets
-
-
Target
Anti Malware VS Malware Document.zip
-
Size
118.1MB
-
MD5
10381c0010548265a31da2da6f1611a3
-
SHA1
3f188fdca7ce79f014b3efa00b1707fb60664e72
-
SHA256
8f736d24115f70ad18ed620ec8c29efc805ea00e2ac72bb1e9078186488fa059
-
SHA512
30925324113e0bc692d38c44196b5fa78c1bdff449d361a011ab5f86ee09299071769691da1200a750a55e182e432907a58ada4c36de83ad60e6e2f2aead5445
-
SSDEEP
3145728:WcNV0c+BBchhJJnsNmDuzn2dOYIwWDB0tg:WcNqcAuD3gTY6wlg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Formbook payload
-
LoaderBot executable
-
Downloads MZ/PE file
-
Stops running service(s)
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1