General
Target: Order_CIQ1154500.js
Size: 264KB
Sample: 221019-qc7xbshfbl
MD5: e7aede188ac796441ed5e5ca540380e1
SHA1: e1c57ba8d14b0bb1a178f3421b8ac2d91bccac4a
SHA256: cd5174fc461fe40d27c5c0dfc1276455214c8e102e833dab0ec83c94235d9bdd
SHA512: 5d7419887e76e2d374191aac40b3bac7e3cdd7208ba5f816bbc93491e47608b08a2b58cb267d09802f13af5f9644c5a72e1c21a389cf65148e11b90e838d55f7
SSDEEP: 6144:Vgo2Vc81hNSE+ybe1wDTeyMWy3eaNvwm9rf12kG3o:hwWybeMIezmen4
Static task: static1
Behavioral task: behavioral1
Sample: Order_CIQ1154500.js
Resource: win7-20220901-en
Malware Config
Extracted: wshrat
http://thehokage22.ddns.net:4488
Targets
Target: Order_CIQ1154500.js
Size: 264KB
MD5: e7aede188ac796441ed5e5ca540380e1
SHA1: e1c57ba8d14b0bb1a178f3421b8ac2d91bccac4a
SHA256: cd5174fc461fe40d27c5c0dfc1276455214c8e102e833dab0ec83c94235d9bdd
SHA512: 5d7419887e76e2d374191aac40b3bac7e3cdd7208ba5f816bbc93491e47608b08a2b58cb267d09802f13af5f9644c5a72e1c21a389cf65148e11b90e838d55f7
SSDEEP: 6144:Vgo2Vc81hNSE+ybe1wDTeyMWy3eaNvwm9rf12kG3o:hwWybeMIezmen4
Signatures
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.