Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ab269b10f73c08e0ad9d0a99e2cc33bfaa52129b873b3410051fc3a89f9ead5f
-
Size
4.5MB
-
Sample
220630-whf9fsgfd8
-
MD5
bb1a2e37da7ed8d7362c24c15ce39064
-
SHA1
beec351f6397eca18ec53091e116782bcc8cd25d
-
SHA256
ab269b10f73c08e0ad9d0a99e2cc33bfaa52129b873b3410051fc3a89f9ead5f
-
SHA512
45acd2886dbcc0228c99d07666230a07cecb5001bd086327dcdede19376604b4630ce66d062d5ff484887d23cd8428ab98dc5a2ae34d883ebd1191bca956c831
Malware Config
Targets
-
-
Target
ab269b10f73c08e0ad9d0a99e2cc33bfaa52129b873b3410051fc3a89f9ead5f
-
Size
4.5MB
-
MD5
bb1a2e37da7ed8d7362c24c15ce39064
-
SHA1
beec351f6397eca18ec53091e116782bcc8cd25d
-
SHA256
ab269b10f73c08e0ad9d0a99e2cc33bfaa52129b873b3410051fc3a89f9ead5f
-
SHA512
45acd2886dbcc0228c99d07666230a07cecb5001bd086327dcdede19376604b4630ce66d062d5ff484887d23cd8428ab98dc5a2ae34d883ebd1191bca956c831
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-