General

  • Target

    c1e3420f0a16ce2a0bb44a91cd4c70460833a28e4ccaea6205d020a6b4a4287f.exe

  • Size

    726KB

  • Sample

    240307-qhsplabh68

  • MD5

    031869edeea7feb77af952ea0117f35b

  • SHA1

    e5591137e9e7774b440d6808c06d5580552c7fdc

  • SHA256

    c1e3420f0a16ce2a0bb44a91cd4c70460833a28e4ccaea6205d020a6b4a4287f

  • SHA512

    989d42981cb0080ebb269a9ca4a3229336b0340b9d8ff6b8ccff3ebe20786aff17e03e79d4008bf1e3d3ff7bfa084ae9d60c480ecf6f6de55324b188c85a5144

  • SSDEEP

    12288:vkAzjWfB/rX5NPZTZp6H/XC28nnFqH6Wsgdaccy5SaG9F10:v/OJ/rLZl4/C28FosXTyIK

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.cyber.net.pk
  • Port:
    587
  • Username:
    almustafansons@cyber.net.pk
  • Password:
    Zain2357@
  • Email To:
    jose.oliveirea655@gmail.com

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.cyber.net.pk
  • Port:
    587
  • Username:
    almustafansons@cyber.net.pk
  • Password:
    Zain2357@

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
