Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

New Text Document.exe

windows10-1703-x64

10

Resubmissions

17/11/2023, 19:12

231117-xwf2aaeb6w 10

13/11/2023, 20:48

231113-zlyjpafe33 10

11/11/2023, 00:27

231111-asanrsce88 10

26/10/2023, 01:21

231026-bqq4eaae92 10

17/10/2023, 19:09

231017-xt332ahd24 10

14/10/2023, 18:16

231014-wwjlqsgc23 10

08/10/2023, 21:51

231008-1qgmeagc31 10

03/10/2023, 17:46

231003-wckppaed21 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Text Document.exe

  • Size

    4KB

  • Sample

    231117-xwf2aaeb6w

  • MD5

    a239a27c2169af388d4f5be6b52f272c

  • SHA1

    0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c

  • SHA256

    98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc

  • SHA512

    f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da

  • SSDEEP

    48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt

Score
10/10
agentteslaformbookprivateloaderraccoonredlineriseprozgratlivetrafficlogsdiller cloud (telegram: @logsdillabot)tb8ievasioninfostealerkeyloggerloaderratspywarestealertrojanupx

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Extracted

Family

formbook

Version

4.1

Campaign

tb8i

Decoy

097jz.com

physium.net

sherwoodsubnet.com

scbaya.fun

us2048.top

danlclmn.com

starsyx.com

foxbox-digi.store

thefishermanhouse.com

salvanandcie.com

rykuruh.cfd

gelaoguan.net

petar-gojun.com

coandcompanyboutique.com

decentralizedcryptos.com

ecuajet.net

livbythebeach.com

cleaning-services-33235.bond

free-webbuilder.today

pussypower.net

Extracted

Family

redline

Botnet

LiveTraffic

C2

195.10.205.16:1056

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

194.49.94.40:21348

Targets

    • Target

      New Text Document.exe

    • Size

      4KB

    • MD5

      a239a27c2169af388d4f5be6b52f272c

    • SHA1

      0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c

    • SHA256

      98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc

    • SHA512

      f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da

    • SSDEEP

      48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt

    Score
    10/10
    agentteslaformbookprivateloaderraccoonredlineriseprozgratlivetrafficlogsdiller cloud (telegram: @logsdillabot)tb8ievasioninfostealerkeyloggerloaderratspywarestealertrojanupx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect ZGRat V1

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Formbook payload

      rat

    • Downloads MZ/PE file

    • Stops running service(s)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks