General

  • Target

    0e09cd29aa8d2132c8c0d343cca42500155ef9be2419241c7b15a99726b0aa2c.zip

  • Size

    696KB

  • Sample

    240509-a9edaahc2w

  • MD5

    bd49cb9dc6d047793a2bd492928c8387

  • SHA1

    f1fd4d0607339abe32461f2444ed18014f3d845e

  • SHA256

    92ea4f1d2c543da3d71c4dab1df529adc0557a282f5ed1b45db3f4f511b76aff

  • SHA512

    3130ae3c2745df2d2a3757c6045dd54d9a695519a469b4b3147a3b7d6f5d4ca2300234ebd9e3068a08faacb1724f6a8e061a7c745384aa45fd3cb74d0c5276b2

  • SSDEEP

    12288:p1YsVw6iJsTZtlmG+Oov2ZGBv1REiUetSat9Ojv6muXecWGtZuorAtlCNS+N4N+z:p1DVLiJ4oGNo5vMaSiFWGFElCNSCC5Vi

Targets

    • Target

      0e09cd29aa8d2132c8c0d343cca42500155ef9be2419241c7b15a99726b0aa2c.exe

    • Size

      1.1MB

    • MD5

      0c2885a542e3657e075c1293204f663d

    • SHA1

      33c0b535333dbdfb18da6798945c3ab2e992c2bc

    • SHA256

      0e09cd29aa8d2132c8c0d343cca42500155ef9be2419241c7b15a99726b0aa2c

    • SHA512

      1376c53fad25020a9227652905eb15c44fb0eece475bc528186b067e3143e2acf5764b8231e39515cf9e9ad0edbf83461c4f16331fde1a097d1de0462a1dedf5

    • SSDEEP

      24576:U4lavt0LkLL9IMixoEgeaIDVROzFnw+198UCsq9MmCS:jkwkn9IMHeaIDuFnwyjaPCS

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan (RAT) written in C#.

    • Drops startup file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup web service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext
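
The SetThreadContext indicator above is flagged because that call is the step process hollowing uses to point a suspended child's primary thread at injected code before resuming it. The following is an added example, not part of the Triage report or of the sample: it runs two small detections over a constructed, sandbox-style API trace (the trace lines, process IDs, file paths and the api.ipify.org URL are all made up for illustration). The first looks for the hollowing sequence of a child created with CREATE_SUSPENDED, written to, redirected with SetThreadContext and resumed by the same parent; the second matches the "Looks up external IP address via web service" behaviour against a small, assumed list of lookup hosts.

```python
import re
from collections import defaultdict

# Constructed API trace in a simple "<pid> <api> key=value ..." format,
# modelled on the behaviours the report flags. Line 1001/2044 is the
# hollowing chain; 3003/3010 is a benign write into a non-suspended child
# that must not trigger the rule.
SAMPLE_TRACE = """\
1001 CreateProcessW image=C:\\Users\\Admin\\AppData\\Roaming\\svc.exe flags=0x4 child=2044
1001 NtUnmapViewOfSection pid=2044
1001 WriteProcessMemory pid=2044 size=90112
1001 SetThreadContext pid=2044
1001 ResumeThread pid=2044
2044 InternetOpenUrlW url=http://api.ipify.org/
3003 CreateProcessW image=C:\\Windows\\notepad.exe flags=0x0 child=3010
3003 WriteProcessMemory pid=3010 size=8
"""

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess
# Assumed list of public IP lookup services; extend to match your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ifconfig.me", "icanhazip.com"}
# Order in which the hollowing steps must appear against the suspended child.
HOLLOWING_SEQUENCE = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def parse_trace(text):
    """Parse the trace into (pid, api, {arg: value}) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        pid, api = int(parts[0]), parts[1]
        args = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        events.append((pid, api, args))
    return events


def detect_hollowing(events):
    """Return (parent, child) pairs where a CREATE_SUSPENDED child is written to,
    redirected with SetThreadContext and resumed, in that order, by its parent."""
    suspended = {}                 # child pid -> parent pid
    seen = defaultdict(list)       # child pid -> ordered APIs the parent called on it
    hits = []
    for pid, api, args in events:
        if api == "CreateProcessW" and int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[int(args["child"])] = pid
            continue
        if "pid" not in args:
            continue
        child = int(args["pid"])
        if suspended.get(child) != pid:
            continue                # not a suspended child of this caller
        seen[child].append(api)
        if api == "ResumeThread":
            order = seen[child]
            try:
                positions = [order.index(step) for step in HOLLOWING_SEQUENCE]
            except ValueError:
                continue            # a step is missing
            if positions == sorted(positions):
                hits.append((pid, child))
                del suspended[child]  # report each hollowed child once
    return hits


def detect_ip_lookup(events):
    """Return (pid, host) pairs for web requests to known IP lookup services."""
    hits = []
    for pid, api, args in events:
        url = args.get("url")
        if not url:
            continue
        host = re.sub(r"^https?://", "", url).split("/")[0].lower()
        if host in IP_LOOKUP_HOSTS:
            hits.append((pid, host))
    return hits


if __name__ == "__main__":
    ev = parse_trace(SAMPLE_TRACE)
    print("hollowing:", detect_hollowing(ev))   # [(1001, 2044)]
    print("ip lookup:", detect_ip_lookup(ev))   # [(2044, 'api.ipify.org')]
```

The rule deliberately requires the parent that created the suspended child to be the one calling SetThreadContext on it, and requires the write to precede the context change; legitimate debuggers and JIT hosts also call SetThreadContext, so the ordered chain against a CREATE_SUSPENDED child is what keeps false positives down.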
