Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
quotation List #039.pdf.exe
-
Size
325KB
-
Sample
200710-emksb34y66
-
MD5
2b1b6a99d9427ced3bcaaf141dd36b34
-
SHA1
43e55e4c97dd72e3186e1849242f3cd62d991bd6
-
SHA256
36f76be816898a8ac90603edeed2ff90983d062f047f6e00c66d54964c582cc8
-
SHA512
1b73afad027bf565e0e4007ee5c6d0cd5b2420182c4de7179dcef7f7f91789aabab8a2b4efd17a5cd50432c3598ced5058130104daa57d9f0f8b71c4fd41b1fa
Static task
static1
Behavioral task
behavioral1
Sample
quotation List #039.pdf.exe
Resource
win7
Behavioral task
behavioral2
Sample
quotation List #039.pdf.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
quotation List #039.pdf.exe
-
Size
325KB
-
MD5
2b1b6a99d9427ced3bcaaf141dd36b34
-
SHA1
43e55e4c97dd72e3186e1849242f3cd62d991bd6
-
SHA256
36f76be816898a8ac90603edeed2ff90983d062f047f6e00c66d54964c582cc8
-
SHA512
1b73afad027bf565e0e4007ee5c6d0cd5b2420182c4de7179dcef7f7f91789aabab8a2b4efd17a5cd50432c3598ced5058130104daa57d9f0f8b71c4fd41b1fa
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Suspicious use of SetThreadContext
-