General

  • Target

    beatwaremenu.rar

  • Size

    1.6MB

  • Sample

    231107-lmpfhsdg9z

  • MD5

    c9274f4e8fac247238e837a5f2cea235

  • SHA1

    72054a96d725d21e4821cfce147778f939437975

  • SHA256

    7d47ac5c8b01a0dde0953f22db274aa55c0c15305fb74d32a797855e219a0403

  • SHA512

    b225eb8a92243b72f4e23bc76d6aff1709467026bb87638c7936204dafefafbcf8ecea4fac2c4e8434e842dd6742ff6c2e822f4274cedde57b90c08ab9eb89be

  • SSDEEP

    24576:XcriYB6QlQGhKtnrihEEQuZDHws4/AMi2ZucdZNBlsPY3yJKJsApnMh:XcGpxne+FuZDHup/zZNBloBJKg

Malware Config

Targets

    • Target

      BeatWareFree_Guard.exe

    • Size

      538KB

    • MD5

      152b60ff7c6d67bbbc475704b67d9fb0

    • SHA1

      557ff0b50ed538174e425f4ac41cb591c6528d75

    • SHA256

      2295411149204bb37362516f0f510fae7e90d19c1e1896f5a4b0103dc3587d83

    • SHA512

      b764aee160bebd3bcf0bc2b8f32bbc05b2e6521cbb1da380fd1c4660229ef5e0702e0be918b0848ce651df1681e0c2107703ba7d779fa9f18e9c2565804bac01

    • SSDEEP

      12288:PATLOkhswaT3pbgZPmT3JBqZBFDPLa6WK6DN/:PuiRhbTjYFDLF5S

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks