General
-
Target
Invoice.exe
-
Size
974KB
-
Sample
220901-kbvygscgd4
-
MD5
288e1e9a0d79b265aaf409a1c39b67dd
-
SHA1
daccc93545a168dcb69dd8b18ab01ca1f4a68cbc
-
SHA256
95bb38f864cb2a18cc598ce238ef85dc5eae8de91c0f2e58c175460fc8ebe94d
-
SHA512
1dedd914fdf8bb966525bb951a348a61ab91d1f1384fb035034eac07d331c09bc460f88cd9412c677998b9bf84a2b6e1d99f2c64e0b79a8a1976b11a9481641b
-
SSDEEP
24576:jZ5hSCAlqmCXyvuDdGBGwZcZoyMgvN6QAJXY+mzo3bv:d5hStqmSycYGayMgl6QUlmzM
Static task
static1
Behavioral task
behavioral1
Sample
Invoice.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Invoice.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
oski
v.m-fit.biz
Targets
Target
Invoice.exe
Score
10/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-