Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

Arba Outst...nt.exe

windows7-x64

10

Arba Outst...nt.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Arba Outstanding Statement.bz2.zip

  • Size

    723KB

  • Sample

    240418-z1573sfa35

  • MD5

    6928704375ac2d87302a793757e54b1b

  • SHA1

    c1666b7d0724e908fdf6ee0d2f046dfe7524cdba

  • SHA256

    25a42d6dbd96d7a70df28309aa1f29de5e4df5aa18eca1420302896f7324c006

  • SHA512

    7932c9155230a09f93ac4ae5f96b0ab92c996aeec3abf327716718fea4fbf680ed8c22a159a43885703591d723e6e6defa9a8f7109a414fd8d61e8ae14a88cec

  • SSDEEP

    12288:ce0KoGD25dF7dWqzxRnEAcmdVTc3kkWvlXL+HhGwMzH29orC4njXE8l3glOMxQrY:R0TGDmvhWSrEIO3kkqlCMjloxQYdbjHp

Score
10/10
agentteslazgratkeyloggerratspywarestealertrojan

Malware Config

Targets

    • Target

      Arba Outstanding Statement.exe

    • Size

      1.2MB

    • MD5

      de2adabbce0147d01ae2fc5d80e9efbd

    • SHA1

      5c499b18b0a6059a8266c14c2a7db79ef1511637

    • SHA256

      c6a9cf5bccffab4f117d72117c58d725d779ed907d449426eb93a86956d33947

    • SHA512

      1e13c6b64043253af3be935e7bc83934a2ec47b9a48a184e0d3d0b76e4881d1630b3c7090a408eebc9a5c2fb7fd4d7e985e565f40c99813dca2e57fa50d3124c

    • SSDEEP

      24576:JAHnh+eWsN3skA4RV1Hom2KXMmHa1DIx+YJbBHtT95:Qh+ZkldoPK8Ya1kxxJrb

    Score
    10/10
    agentteslazgratkeyloggerratspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks