Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
79c5102316d9d99b55f51c53550a99b9ccef58f7386d79601a314029625c87aa.exe
-
Size
346KB
-
Sample
240809-wzcbtsxerc
-
MD5
3470b26b4f683b2c79794d5a71b5d681
-
SHA1
cb17633bfb7e935c0ff9b9aded16ec64cd45880b
-
SHA256
79c5102316d9d99b55f51c53550a99b9ccef58f7386d79601a314029625c87aa
-
SHA512
2c7cae1b505c98c07873f592087bbc864600a80be8f33069417e67d35ed5f221fcee96eea3b230c4c3b8a3096c8c99f11187977be31af537490b5757d4eb55c4
-
SSDEEP
6144:0Mm4CCe7fZXJPg3h/tZfbbFNKU7IUqIO/P8XbCo/32TIKaWEPgHT02ED1sgMo:0Mwd2Vpb5pyEXbb/m5t0WI
Static task
static1
Behavioral task
behavioral1
Sample
79c5102316d9d99b55f51c53550a99b9ccef58f7386d79601a314029625c87aa.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
79c5102316d9d99b55f51c53550a99b9ccef58f7386d79601a314029625c87aa.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.synergyinnovationsgroup.com - Port:
587 - Username:
[email protected] - Password:
C@p-Y8BoHc#? - Email To:
[email protected]
Targets
-
-
Target
79c5102316d9d99b55f51c53550a99b9ccef58f7386d79601a314029625c87aa.exe
-
Size
346KB
-
MD5
3470b26b4f683b2c79794d5a71b5d681
-
SHA1
cb17633bfb7e935c0ff9b9aded16ec64cd45880b
-
SHA256
79c5102316d9d99b55f51c53550a99b9ccef58f7386d79601a314029625c87aa
-
SHA512
2c7cae1b505c98c07873f592087bbc864600a80be8f33069417e67d35ed5f221fcee96eea3b230c4c3b8a3096c8c99f11187977be31af537490b5757d4eb55c4
-
SSDEEP
6144:0Mm4CCe7fZXJPg3h/tZfbbFNKU7IUqIO/P8XbCo/32TIKaWEPgHT02ED1sgMo:0Mwd2Vpb5pyEXbb/m5t0WI
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
08de81a4584f5201086f57a7a93ed83b
-
SHA1
266a6ecc8fb7dca115e6915cd75e2595816841a8
-
SHA256
4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6
-
SHA512
b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9
-
SSDEEP
48:S46+/1TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mLofjLl:zHuPbOBtWZBV8jAWiAJCdv2CmeL
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
6e55a6e7c3fdbd244042eb15cb1ec739
-
SHA1
070ea80e2192abc42f358d47b276990b5fa285a9
-
SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
-
SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35
-
SSDEEP
192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
Score3/10 -