General
- Target: setup.zip
- Size: 32KB
- Sample: 201117-jlb9eck73j
- MD5: df0f0251c43982d87f5b8a29f25f7810
- SHA1: e08264c70d6bb92507b963ca733471621ec01acf
- SHA256: 4798591a79be1fe28b70af10883e655ee16ca90e858b0463154bccada7cb0fa4
- SHA512: 9f91c34d0c1897dab6afac95d484552f9af2635581fe6a2fd2f849ae1bd7806c0c75b6e57e45675426240a9b81616d711b27a9da5bf258651b820a053b7ddaf7
Static task: static1
Behavioral task: behavioral1
- Sample: setup.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: setup.exe
- Resource: win10v20201028
Malware Config
Extracted: diamondfox
- https://www.datanalysis.club/ms/gate.php
- https://www.datanalysis.site/ms/gate.php
- https://www.datanalysis.space/ms/gate.php
- cBFxpht5aCf0jy4gnUs3JgtqCB2O2tWJ
Targets
- Target: setup.exe
- Size: 90KB
- MD5: 1d5b46ff3cd12fd31362557299d6f488
- SHA1: 42f5d828b03f5e4c03e9f935683b5d82e6e7dc26
- SHA256: 2f134d1467c3765898a1befc311b86414f8df96d307a6f05b23eebbb8866a69c
- SHA512: 4dd2071b369bd150da53446313fff30b08054b8724a02444c400db2f0b14062c51a5aff2390b1845cc87b629ffc77ecc5e72877f77f824553b6f68a7b39a9d23
Score: 10/10
- DiamondFox payload: Detects DiamondFox payload in file/memory.
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext