Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Halkbank_Ekstre_20240812_081403_007266.exe

  • Size

    1.4MB

  • Sample

    240812-lpxvnszbrf

  • MD5

    fb01a854283305bb8180075a0ffe68db

  • SHA1

    a3f9e9f93466ea7edfb45bdcaca73e2019dcd21a

  • SHA256

    9bf1760a20004fc2edd6334f613ea2fbb8e71ebac2f145b79a8782839b1c412e

  • SHA512

    a29950a535aa9e118dd615d830dbe7a2452794c4dddc2d5dcc6e5fd51dd580a8890e8383c7ebe28bf2e34a1c4aeed87a066d1d366e0bd85f29f616150107e1c6

  • SSDEEP

    24576:UAHnh+eWsN3skA4RV1Hom2KXMmHawpXQzG/WmNZ5:jh+ZkldoPK8YawpXQzaz

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIt Executable

      AutoIt scripts compiled into PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks