General
Target: 52439fc69054e5bc2514f2abf538114412596f5e0bd2d9cc9c8d3fd29cc1d5f2.7z
Size: 638KB
Sample: 240509-bwwabaah8y
MD5: b156f7c28ba387b87e620b29d45cd0c2
SHA1: e0cdd53cf5f009d0feadd2f4ad693c480da2f1d3
SHA256: 52439fc69054e5bc2514f2abf538114412596f5e0bd2d9cc9c8d3fd29cc1d5f2
SHA512: af707d7b7f473ad1e4a2ba80a9305f408994fe3c8c097298f4b45e9301a26f63bc705376e6df400f9cadc76495ecb3f822bfa48daf0bdd258d73c4228ddd531b
SSDEEP: 12288:ZaN6X3Edi0qFL6CUWgTZINPDjK/RzSApR0QlLkvBFUdYPhA29f0E4QigEzFFXR/8:ihBCUtT2BwzjGWEqiha/Qw7iL
Static task: static1
Behavioral task: behavioral1
Sample: PO20240134.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: PO20240134.exe
Size: 1.3MB
MD5: a5483caabc4d39093832411bfb71ca89
SHA1: d8e7fc4c53ce6227a57e2afea785a182067c93dd
SHA256: a2f706ab41a92d4fb767e26c7b1d710c165c59214456702be8bb2428d6d6236b
SHA512: 88f759448adc4f7bf6c6e41f14c9d86c4b50af6280958e9eb4103058f71b4a7a82832c7bfbf4c6ae94f24f254ce536ed2ba63e14d46bea1d05dd249451c805ae
SSDEEP: 24576:I4lavt0LkLL9IMixoEgeaiqssbe6fht/QpvOq9MmCS:fkwkn9IMHeaiq35t/ZaPCS
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in information stealers.
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Suspicious use of SetThreadContext