Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9bed8d03cd7d57bd7eb3a6804d5a8a7a065ac32e7a088876242d16d8d75c2b60
-
Size
341KB
-
Sample
221002-pyxg2sfdf4
-
MD5
634c4b47defc3f1f546f106ed9a5f230
-
SHA1
52d5c6634853b937689505d97d7a082e8e5b44b3
-
SHA256
9bed8d03cd7d57bd7eb3a6804d5a8a7a065ac32e7a088876242d16d8d75c2b60
-
SHA512
f06cc1dabc40f19c85b249d174b1a3a29c5fb6f9d886c40d1cde0b2e767410f3b4fc6d89f30e4aedf503f5d5d15f038295e92e747dfe5397988cc67dba62bd59
-
SSDEEP
6144:X8Ho8LQeAi56dSoqEl/+WQ7KKdRu6Noi53d7/:X8Ho8LQeAi56dSoqEl/+WQ7KKdRu6No2
Malware Config
Targets
-
-
Target
9bed8d03cd7d57bd7eb3a6804d5a8a7a065ac32e7a088876242d16d8d75c2b60
-
Size
341KB
-
MD5
634c4b47defc3f1f546f106ed9a5f230
-
SHA1
52d5c6634853b937689505d97d7a082e8e5b44b3
-
SHA256
9bed8d03cd7d57bd7eb3a6804d5a8a7a065ac32e7a088876242d16d8d75c2b60
-
SHA512
f06cc1dabc40f19c85b249d174b1a3a29c5fb6f9d886c40d1cde0b2e767410f3b4fc6d89f30e4aedf503f5d5d15f038295e92e747dfe5397988cc67dba62bd59
-
SSDEEP
6144:X8Ho8LQeAi56dSoqEl/+WQ7KKdRu6Noi53d7/:X8Ho8LQeAi56dSoqEl/+WQ7KKdRu6No2
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-