Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
423720630070804e01179413187d08c244a30225e658e38b9647ec6c26622d26.exe
-
Size
1.1MB
-
Sample
240509-btngpadc37
-
MD5
343dcea7093067c0d16339e9838b0141
-
SHA1
65b00a604b0b14e846adbce16e9367a4294c8c3f
-
SHA256
423720630070804e01179413187d08c244a30225e658e38b9647ec6c26622d26
-
SHA512
cc17aa351f7542d093055aaa604a7abc4c5292c4fd588803cd5ebd6d0ce2e8b27736371228ace24abbae89539d28ba79f9948caaedf3c201c26da6a32b814e54
-
SSDEEP
24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8ay0Jr+3mqPwS9vdrpCvNa:rTvC/MTQYxsWR7ayy3ADS
Static task
static1
Behavioral task
behavioral1
Sample
423720630070804e01179413187d08c244a30225e658e38b9647ec6c26622d26.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
423720630070804e01179413187d08c244a30225e658e38b9647ec6c26622d26.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
423720630070804e01179413187d08c244a30225e658e38b9647ec6c26622d26.exe
-
Size
1.1MB
-
MD5
343dcea7093067c0d16339e9838b0141
-
SHA1
65b00a604b0b14e846adbce16e9367a4294c8c3f
-
SHA256
423720630070804e01179413187d08c244a30225e658e38b9647ec6c26622d26
-
SHA512
cc17aa351f7542d093055aaa604a7abc4c5292c4fd588803cd5ebd6d0ce2e8b27736371228ace24abbae89539d28ba79f9948caaedf3c201c26da6a32b814e54
-
SSDEEP
24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8ay0Jr+3mqPwS9vdrpCvNa:rTvC/MTQYxsWR7ayy3ADS
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-