General
Target: fgh.exe
Size: 695KB
Sample: 221007-tnn55sdafm
MD5: c980c7e6f4087c91113528f72c824192
SHA1: 4e2bba5c5ced0a245e372fed825c829ba47ba5f2
SHA256: feb81e1b4ff1bd5cc83dc87f6a67629b5c64bc4f8460c6b5084022512c5c426d
SHA512: 32b034aa526717e99f736a80091f1378a6fc6fdee1ef066288484ebc0779e9b11c0038db82e61123e89d3ef68a381edbadd1c56b11d4294521992181cb6063f3
SSDEEP: 12288:RNmuYu9aooBha0zajauQwTVnTAI8KzjGFg7XvZA7CFTGSEZTjU4Ptl4hDEJ2UZ0e:RNmLuAoon6mwhnz1jGFgzvZAmLEZ84VH
Static task: static1
Behavioral task: behavioral1
Sample: fgh.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: fgh.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\19D9201D49\Log.txt
masslogger
Targets
Target: fgh.exe
Score: 10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext