Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

YU SV Payment.exe

windows7-x64

10

YU SV Payment.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef886056d9a8c2089d72c3336475d27303f13c5c14085351a7897d677a848cc8

  • Size

    680KB

  • Sample

    240228-byn9sagb5v

  • MD5

    892d0d394c95042ba46e269ec9837e4b

  • SHA1

    f6982852ac058e965daab36879fea78823310b5e

  • SHA256

    ef886056d9a8c2089d72c3336475d27303f13c5c14085351a7897d677a848cc8

  • SHA512

    6b3d5415a4ec8e176cc87931f7b3f5ed92683da6888a475cd5e52fe8b29d917e1a0c2cca607670fac81c9755d6ea4f366b0ad310dc231ba630731e2496ef954c

  • SSDEEP

    12288:kxvmdG11NJDd+xJL3Wt2c0UJTIK+DVxPYqn2yl41MVIsps32wmmYG6O2ju5o+Pv:MedWNp+D3WoclSxPzny1rOsEE6Ocu5oW

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    zqamcx.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Methodman991

Targets

    • Target

      YU SV Payment.exe

    • Size

      716KB

    • MD5

      b27d59190142193a25e728f708a2723c

    • SHA1

      64374d07e20daa15d8f02ad0d2f40458a67fbbca

    • SHA256

      0e2ca3a22077ff6c9460e2033e1e53419053336bb81973252a764f56497a52c6

    • SHA512

      4839bc0f24c7a09e85dbdf0116bd31a34b58511862676766337d9fae2dfe5c658fa9132db310dcef0a0512120a902cc8d79c7baf78de63b0f265b5321e02b7bd

    • SSDEEP

      12288:j5zScVfJTMK+r8fmCwnhZby00RCjs3gwmsYGu9pxA5k1kR:tzSOb26B8hZbz0Ys+Wu/I

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks