General

  • Target

    26032025_1707_26032025_ZAMÓWIENIE_NR.2503261189303-22.IMG

  • Size

    1.9MB

  • Sample

    250326-vnb19a1ns5

  • MD5

    762930767ac71a8674bba4871ad7917a

  • SHA1

    cd54e812046f1b0449e2d145a2613cf62e55720c

  • SHA256

    1b93e35046b65fd1204131c752ff9a6f1cad3383b26e30c66cb4dc6c15923691

  • SHA512

    3dd8d6c4a4043d6146cc84ab658ac79a917689c120cf9a97b1acaa3975995b23b0f06e9e819e9234bf4a7b9c521f7ea374ba661153d5716debc868ba94149eaf

  • SSDEEP

    24576:xuMVWyZ20itWf6QKP28rNaoA3loPwtJhUADiiB2Lln/bsOgAdjv0LZi:xuMQm2fCbEA3GPsPUGIngABvK

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.rusticpensiune.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    99AM}+NZ&CCq!4Vq)9!(zXx01.lQ!~nS.fBnY,4Z~fjHnGo*B3Gd;B{Q1!%-Xw--%vn^0%nt

Targets

    • Target

      ZAMÓWIENIE_NR.2503261189303-22.exe

    • Size

      1.4MB

    • MD5

      bb8ebb7e2951662ced5e2f65684155b5

    • SHA1

      4da55f17a8425484b999e3eceac42fd4882aea59

    • SHA256

      89e85fa592b8da5c4b6538ff706e875b7a8bb5d48ab74dbd0a0fbd953eb954b0

    • SHA512

      189981b9e9ef1232abf5990c880338eed2ced9589eec5fae3d3d534b1dedbf49dc086937607e85204d1dd71d48984608cf0e231e88a227d46fb9917498161679

    • SSDEEP

      24576:EuMVWyZ20itWf6QKP28rNaoA3loPwtJhUADiiB2Lln/bsOgAdjv0LZi:EuMQm2fCbEA3GPsPUGIngABvK

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      12b140583e3273ee1f65016becea58c4

    • SHA1

      92df24d11797fefd2e1f8d29be9dfd67c56c1ada

    • SHA256

      014f1dfeb842cf7265a3644bc6903c592abe9049bfc7396829172d3d72c4d042

    • SHA512

      49ffdfa1941361430b6acb3555fd3aa05e4120f28cbdf7ceaa2af5937d0b8cccd84471cf63f06f97cf203b4aa20f226bdad082e9421b8e6b62ab6e1e9fc1e68a

    • SSDEEP

      192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C

    Score
    3/10
