Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Halkbank_Ekstre_20240812_081403_007266.exe
-
Size
1.4MB
-
Sample
240812-lpxvnszbrf
-
MD5
fb01a854283305bb8180075a0ffe68db
-
SHA1
a3f9e9f93466ea7edfb45bdcaca73e2019dcd21a
-
SHA256
9bf1760a20004fc2edd6334f613ea2fbb8e71ebac2f145b79a8782839b1c412e
-
SHA512
a29950a535aa9e118dd615d830dbe7a2452794c4dddc2d5dcc6e5fd51dd580a8890e8383c7ebe28bf2e34a1c4aeed87a066d1d366e0bd85f29f616150107e1c6
-
SSDEEP
24576:UAHnh+eWsN3skA4RV1Hom2KXMmHawpXQzG/WmNZ5:jh+ZkldoPK8YawpXQzaz
Malware Config
Targets
-
-
Target
Halkbank_Ekstre_20240812_081403_007266.exe
-
Size
1.4MB
-
MD5
fb01a854283305bb8180075a0ffe68db
-
SHA1
a3f9e9f93466ea7edfb45bdcaca73e2019dcd21a
-
SHA256
9bf1760a20004fc2edd6334f613ea2fbb8e71ebac2f145b79a8782839b1c412e
-
SHA512
a29950a535aa9e118dd615d830dbe7a2452794c4dddc2d5dcc6e5fd51dd580a8890e8383c7ebe28bf2e34a1c4aeed87a066d1d366e0bd85f29f616150107e1c6
-
SSDEEP
24576:UAHnh+eWsN3skA4RV1Hom2KXMmHawpXQzG/WmNZ5:jh+ZkldoPK8YawpXQzaz
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-