General
- Target: 无害.exe
- Size: 5.6MB
- Sample: 240629-hc1t1swbpr
- MD5: eb08619ed85a31118a80ce0a2f73f25f
- SHA1: 4289df26068458def91c876933e0483867625b2b
- SHA256: f775611b5d45d3c13217c30f3792963894ecf0726a554188e5e2ee72077e6939
- SHA512: b8f32587867025e11c6af73c8c3c7ba8f0ec2966cbd2a702240ab26c789ff791475d753ce53114d4c07dc0e2b2c79deba7ae1752d8ccca1ba6337d4a468e3fb0
- SSDEEP: 98304:F3AszIKgNQbnhi1ZKUZWFCGFR62sn+s0eFyVJPJuyacAlKWjR9qw4H9U:F3jzIRi1S+LFR6DZwrPJuplKWvgW
Behavioral tasks
- behavioral1: Sample 无害.exe, Resource win10-20240611-en
- behavioral2: Sample 无害.exe, Resource win10-20240404-en
- behavioral3: Sample 无害.exe, Resource win10v2004-20240508-en
Malware Config
Targets
- Target: 无害.exe (5.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger