Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f288ecfbe0efa47d9ee02a1077ce84d565bd99432ba3fbd1a9770013d49e9d4f
-
Size
494KB
-
Sample
221011-m7wwrsbffl
-
MD5
00b4f16c961d8433284324d25b572800
-
SHA1
370d79c091997e0ac8ecdfd290c44f1dce79aa35
-
SHA256
f288ecfbe0efa47d9ee02a1077ce84d565bd99432ba3fbd1a9770013d49e9d4f
-
SHA512
3a7c4e80124e8141b5f8825c276f87b7ae82fa64aa68d2d5c665ee0535ff962eafb519ee0bee2c5ce053b390bc7b488d5343cec285de6ba4523a1d80edf74e80
-
SSDEEP
12288:Gg3M9TO1Fu4+1nkjwCO93AQ/ESLIm5kMK0xTGEhuWEoIyiQ5hx:Gg3M01HRw39pESLI27xTpUWEoIyiQPx
Static task
static1
Behavioral task
behavioral1
Sample
f288ecfbe0efa47d9ee02a1077ce84d565bd99432ba3fbd1a9770013d49e9d4f.exe
Resource
win7-20220812-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
f288ecfbe0efa47d9ee02a1077ce84d565bd99432ba3fbd1a9770013d49e9d4f
-
Size
494KB
-
MD5
00b4f16c961d8433284324d25b572800
-
SHA1
370d79c091997e0ac8ecdfd290c44f1dce79aa35
-
SHA256
f288ecfbe0efa47d9ee02a1077ce84d565bd99432ba3fbd1a9770013d49e9d4f
-
SHA512
3a7c4e80124e8141b5f8825c276f87b7ae82fa64aa68d2d5c665ee0535ff962eafb519ee0bee2c5ce053b390bc7b488d5343cec285de6ba4523a1d80edf74e80
-
SSDEEP
12288:Gg3M9TO1Fu4+1nkjwCO93AQ/ESLIm5kMK0xTGEhuWEoIyiQ5hx:Gg3M01HRw39pESLI27xTpUWEoIyiQPx
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-