General

  • Target

    423720630070804e01179413187d08c244a30225e658e38b9647ec6c26622d26.exe

  • Size

    1.1MB

  • Sample

    240509-btngpadc37

  • MD5

    343dcea7093067c0d16339e9838b0141

  • SHA1

    65b00a604b0b14e846adbce16e9367a4294c8c3f

  • SHA256

    423720630070804e01179413187d08c244a30225e658e38b9647ec6c26622d26

  • SHA512

    cc17aa351f7542d093055aaa604a7abc4c5292c4fd588803cd5ebd6d0ce2e8b27736371228ace24abbae89539d28ba79f9948caaedf3c201c26da6a32b814e54

  • SSDEEP

    24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8ay0Jr+3mqPwS9vdrpCvNa:rTvC/MTQYxsWR7ayy3ADS

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Detect packed .NET executables. Mostly AgentTeslaV4.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables referencing Windows vault credential objects. Observed in information stealers.

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.

    • Detects executables referencing many email and collaboration clients. Observed in information stealers.

    • Detects executables referencing many file transfer clients. Observed in information stealers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks