Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

AeroGlassE...bo.exe

windows7-x64

8

AeroGlassE...bo.exe

windows10-2004-x64

8

visual_viewer.dll

windows7-x64

1

visual_viewer.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f76c0d460f364897505120a1632507ec_JaffaCakes118

  • Size

    339KB

  • Sample

    240418-gwtdlsef41

  • MD5

    f76c0d460f364897505120a1632507ec

  • SHA1

    9e39203c6181f636445abd485bf649dce784e6a8

  • SHA256

    590d9e8fd9be7a07b6d474cfc17085cdcdf3a2f7e84b23005e97e0a5760d2bba

  • SHA512

    f662a1594f295caa264866a823e990766d75e95fa5830222e40a92f0a70005b16cfeb903e146c5636cc23d57713d179f27baaf1cb1d59c2efe0453d9603a3c81

  • SSDEEP

    6144:HavcXXgB9+voIN5HN0AuS0/jNhPqzgC8Jqzo321oC2KrozvFrxr:HjXXgB9oHN0VS0/jLPI8JV+oPnt

Score
8/10
evasionpersistencespywarestealer

Malware Config

Targets

    • Target

      AeroGlassEffect_By i_placebo.exe

    • Size

      508KB

    • MD5

      ecdf21a9102e05d26c2404d7ff86d027

    • SHA1

      889228e574a50a3d2f9b1167cb85b1e797cc7817

    • SHA256

      6447a2ddb0f3f147c1ade93d8f47cb49da71820137188d1fcce57e0007b99c69

    • SHA512

      398242d51c027b36810be60677d74d5320a390406ad4c7ba848dce88a819dacd3187efc84ee3a84e1fd3b070347c4df36bcfefc3b7b756feb69acf8ca5e6f513

    • SSDEEP

      12288:UstKi/CYqICxr0BnVIPm1/rF/UhoNieeAssK7slfl3wFBD:5Ki/CXICx0+m1B/eoNiee8

    Score
    8/10
    evasionpersistencespywarestealer

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      visual_viewer.dll

    • Size

      192KB

    • MD5

      7fa6d9f29783b9dd493bd822786bc053

    • SHA1

      b610bd08833e1808f507033dce811974e12d96b4

    • SHA256

      14970e018650fd3aab2918ca30aa2280c67de6b1a60581220737724194328f16

    • SHA512

      4b3fea399bd73514f363ab7720b83c555e7f3e5040d5285a0fc41c25df9c738b87c720e1aeab112098c81496563a7b885013b83dabd5d3da075fd37683249ff2

    • SSDEEP

      3072:edXV+YjCfGkUSK0A2SXOHqm5aFlQF9kkOV8VYhn/jgeAYqQ9/weg3HY9052TBf/P:edXBCf/A2SXOKmfFWMmpAYqQlc38052

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks