Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

48fl6271oC...Ly.exe

windows7_x64

48fl6271oC...Ly.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48fl6271oClv7lfnOsBHvbLy.exe

  • Size

    900KB

  • Sample

    211016-de2f4sbfe3

  • MD5

    22f5d12116ee1c11f3173f977bafc744

  • SHA1

    f923b684397cb158ebd77b3d2a8e0365992867db

  • SHA256

    fd4d1fc83330c5cf818e557ef882ca147ba98fee4128fe00bda07c6c2f79050a

  • SHA512

    f628a0a9ebc0aa1c60e8a7bba9433bcf14216be064288aaf253965935d6b8ee310df11a72f559877cbfb3bb2aedb6c710f8d017ef8f36cfc5f71010de433500f

Score
10/10
spywarestealer

Malware Config

Targets

    • Target

      48fl6271oClv7lfnOsBHvbLy.exe

    • Size

      900KB

    • MD5

      22f5d12116ee1c11f3173f977bafc744

    • SHA1

      f923b684397cb158ebd77b3d2a8e0365992867db

    • SHA256

      fd4d1fc83330c5cf818e557ef882ca147ba98fee4128fe00bda07c6c2f79050a

    • SHA512

      f628a0a9ebc0aa1c60e8a7bba9433bcf14216be064288aaf253965935d6b8ee310df11a72f559877cbfb3bb2aedb6c710f8d017ef8f36cfc5f71010de433500f

    Score
    10/10
    spywarestealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks