General

Target: 86fd65c991039149a153bd61e8ffc9595fccdb8b4230be495ffc5e42eb84d6d4
Size: 1.2MB
Sample: 240315-cg3lhsdg91
MD5: 3f5e10b67063fedee5b41c5100b75583
SHA1: 771538ad273311b09c8c5c9f680cf18717a6a2aa
SHA256: 86fd65c991039149a153bd61e8ffc9595fccdb8b4230be495ffc5e42eb84d6d4
SHA512: fed33cd0e6cb97173847a8787493499c07d120cd51d2ff1acc9b407e6e1a5f9f5d0af282e6979925c6944c161c91b853667a4a5392bbb4b8a3d81f3eaaf196e9
SSDEEP: 12288:WXcHy1gqOppGq+k1imLwauAZCjeqJKu7:WXcS1JOppNxw2wauTJH7
Static task: static1

Behavioral task: behavioral1
Sample: QUOTE.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: QUOTE.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: Infami/Metagaster/Brnehaveklasserne.ps1
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: Infami/Metagaster/Brnehaveklasserne.ps1
Resource: win10v2004-20240226-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: sqjj uocs bicm tinm
Email To: [email protected]
Targets

Target: QUOTE.exe
Size: 346KB
MD5: 70c8145c188bf89c25f085e001c6f9a7
SHA1: d3e24cdd7272965ba04b8a0a7013c79e2633f7aa
SHA256: 4cb733e05325fdf02dfaf5982ca2a8917373658aed1e328869077e92c6d73225
SHA512: 445f9f092241810359fcd7e319ec5f0dc40a4f19656484085a37201b5dd348a246bb1916b9ee526292cdab00068c5f2ddaacc259470c440d4bd82c6ad6cfa40c
SSDEEP: 6144:5XCKG5Hob1T0qQzmnMpv+j++KqfUuuMSR7EDaLLt+a5YiCmbnIGZmXjeqJKnuG2a:5XcHy1gqOppGq+k1imLwauAZCjeqJKuE

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: Infami/Metagaster/Brnehaveklasserne.Mom
Size: 53KB
MD5: 2a4402450d6e37b4c5f6434e8e2548ae
SHA1: 29b0d015b4c7420b576f3ce745b95f16f416045e
SHA256: 05e03c9da534face56a3181a98e7194ce73a4638f713523d26aa97486f427eea
SHA512: e5a69a27041b0c1f8592861e820da036edc41cf3b0d630a6eea8e1cb8935ff88a5aec6a231e240c2c3fa52c47c64608ea84924cb6165170e3ee144335fbb4387
SSDEEP: 1536:7uclUIfUW1MRADKnHPiRLeZ1/3pJ45WhfDntzBZ:7unW1MBnaFeZ1/3pJ40Rz
Score: 8/10

- Modifies Installed Components in the registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.