Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
76b2ad6694d96a44a96db9fb25dac7da1ab70a174be812b78fcfe5dc048eba25.exe
-
Size
780KB
-
Sample
240213-dd14ysda4w
-
MD5
13d388f4fe68a40f09346acb5aca5bbc
-
SHA1
d8941b604dcd378532fb4362f878e43c11cca491
-
SHA256
76b2ad6694d96a44a96db9fb25dac7da1ab70a174be812b78fcfe5dc048eba25
-
SHA512
40eb0639bd678bbcca68dc3b48b0b01b99450344d7a084a25589ee605c4bbc99bf448d62678a961baf345ad0f7cc8586a47a45d3767fe1d0eec4f236255f50d4
-
SSDEEP
12288:ebFQCaDC1E5HNyrjAHyKTB7wln9vi/9aV+jf3igDiOlymYSmPAQt1lsZC:eb4cnIyKdEe97fni+y+moAbGC
Static task
static1
Behavioral task
behavioral1
Sample
76b2ad6694d96a44a96db9fb25dac7da1ab70a174be812b78fcfe5dc048eba25.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
76b2ad6694d96a44a96db9fb25dac7da1ab70a174be812b78fcfe5dc048eba25.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
Brava/Deriverendes.app
Resource
macos-20231201-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
12345asdfg@@@@@ - Email To:
[email protected]
Targets
-
-
Target
76b2ad6694d96a44a96db9fb25dac7da1ab70a174be812b78fcfe5dc048eba25.exe
-
Size
780KB
-
MD5
13d388f4fe68a40f09346acb5aca5bbc
-
SHA1
d8941b604dcd378532fb4362f878e43c11cca491
-
SHA256
76b2ad6694d96a44a96db9fb25dac7da1ab70a174be812b78fcfe5dc048eba25
-
SHA512
40eb0639bd678bbcca68dc3b48b0b01b99450344d7a084a25589ee605c4bbc99bf448d62678a961baf345ad0f7cc8586a47a45d3767fe1d0eec4f236255f50d4
-
SSDEEP
12288:ebFQCaDC1E5HNyrjAHyKTB7wln9vi/9aV+jf3igDiOlymYSmPAQt1lsZC:eb4cnIyKdEe97fni+y+moAbGC
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -
-
-
Target
Brava/Deriverendes.App
-
Size
208KB
-
MD5
dbf8a0843f87bc37591a188287517bbb
-
SHA1
ffdb4795d4e624b6644900b07186f49b58fb1888
-
SHA256
2f6eecf89dac2bb4dadc340b4a9c3f79e489aef63c6ac6bb949fdd8e2296dd9c
-
SHA512
a73b5a349a4a577670056e54eebbf637c2b59f3ac76cc6aa43f72862f0bbbf12312b0a920d95eda8df9acfb32ad0fd4af54b5587d48243edbcc9da3037781b21
-
SSDEEP
3072:pdYbg5EY/rXDjl1QjSHwKpAWcaKmMeKcfx7hgbKAtZ6F8rdEfbyUo5qtEGv:pdYZQXDbkoAWcLmMeKcwgF0ET5o5qtV
Score1/10 -