Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Payment Sl...24.exe

windows7-x64

10

Payment Sl...24.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment Form for confirmation.iso

  • Size

    1.2MB

  • Sample

    240405-b2a7bsgf7w

  • MD5

    5e5a505151c1898707ba919a45dc71cf

  • SHA1

    8eb76d171dd22a6bb48b9adbb85b9713061afcf9

  • SHA256

    c6e088402071431a2faf40c62fbc28f438cf98684820edde4d778f833d8921bb

  • SHA512

    e176375a18b42a9dd8a684c5cbe5937b4c4f2fd56839b149029550ccb88db119649ecbc2f7f4d663af64da802f7c7ae8b4ce0f5ea2bd3bee0876567b3593e675

  • SSDEEP

    12288:t9UHTp6Hg2vXZdlNn2cXHFMWQEjFDe4nhD30cyLtDtS18V5wybCd/rghUlmt3krf:MHVhoV2cXHU2hToSSCd/rgh6mt3k9p

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#

Targets

    • Target

      Payment Slip05042024.exe

    • Size

      603KB

    • MD5

      6a143bd09bf8e4b96020812cdf85a92e

    • SHA1

      5980fa3b4d37ccdec00e3f6a78c7f1aca5939418

    • SHA256

      4b4c3585bbf95af33fac18ae92347069e2b732626cc6c7984ebfef92ea0a89b0

    • SHA512

      464a22ca590543cbbbf281dd14fa4f0f95ac6b99b932fb48d573ab4fb8fc4a9c421ec2db8e19960d58e0a2b8e773cb74d2cc09f6c4e87c18330fbcd30abbfc17

    • SSDEEP

      12288:H9UHTp6Hg2vXZdlNn2cXHFMWQEjFDe4nhD30cyLtDtS18V5wybCd/rghUlmt3krf:6HVhoV2cXHU2hToSSCd/rgh6mt3k9p

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks