General
- Target: 0e09cd29aa8d2132c8c0d343cca42500155ef9be2419241c7b15a99726b0aa2c.zip
- Size: 696KB
- Sample: 240509-a9edaahc2w
- MD5: bd49cb9dc6d047793a2bd492928c8387
- SHA1: f1fd4d0607339abe32461f2444ed18014f3d845e
- SHA256: 92ea4f1d2c543da3d71c4dab1df529adc0557a282f5ed1b45db3f4f511b76aff
- SHA512: 3130ae3c2745df2d2a3757c6045dd54d9a695519a469b4b3147a3b7d6f5d4ca2300234ebd9e3068a08faacb1724f6a8e061a7c745384aa45fd3cb74d0c5276b2
- SSDEEP: 12288:p1YsVw6iJsTZtlmG+Oov2ZGBv1REiUetSat9Ojv6muXecWGtZuorAtlCNS+N4N+z:p1DVLiJ4oGNo5vMaSiFWGFElCNSCC5Vi
Static task: static1
Malware Config
Targets
- Target: 0e09cd29aa8d2132c8c0d343cca42500155ef9be2419241c7b15a99726b0aa2c.exe
- Size: 1.1MB
- MD5: 0c2885a542e3657e075c1293204f663d
- SHA1: 33c0b535333dbdfb18da6798945c3ab2e992c2bc
- SHA256: 0e09cd29aa8d2132c8c0d343cca42500155ef9be2419241c7b15a99726b0aa2c
- SHA512: 1376c53fad25020a9227652905eb15c44fb0eece475bc528186b067e3143e2acf5764b8231e39515cf9e9ad0edbf83461c4f16331fde1a097d1de0462a1dedf5
- SSDEEP: 24576:U4lavt0LkLL9IMixoEgeaIDVROzFnw+198UCsq9MmCS:jkwkn9IMHeaIDuFnwyjaPCS
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext