Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
00cc98ce7f33a796f773a3ba7940099164135fe1d0921bf6507d0a5f46290243
-
Size
1.0MB
-
Sample
221021-efjs5aahap
-
MD5
1742b7dfca7d2d1d3f160f39d8e58524
-
SHA1
474192523d4c547f1f2f18092c92034c195360ea
-
SHA256
00cc98ce7f33a796f773a3ba7940099164135fe1d0921bf6507d0a5f46290243
-
SHA512
85729a97e3cce1e88a86e5df3a92e85b54fbb761dedb8ec1c79d5a7fd2b39e33311203e941c7877465a2f96b5703e014bd778d15ba1a379695302c33172e2dd0
-
SSDEEP
24576:mw3dpJlpvCPe9Mgr6fL6BoIlmXh7tXj/RiSK9:mCD1qgr6WiIgX9R9HC
Malware Config
Extracted
Protocol: ftp- Host:
ftp.drivehq.com - Port:
21 - Username:
donatchange10 - Password:
qazwsx741
Targets
-
-
Target
00cc98ce7f33a796f773a3ba7940099164135fe1d0921bf6507d0a5f46290243
-
Size
1.0MB
-
MD5
1742b7dfca7d2d1d3f160f39d8e58524
-
SHA1
474192523d4c547f1f2f18092c92034c195360ea
-
SHA256
00cc98ce7f33a796f773a3ba7940099164135fe1d0921bf6507d0a5f46290243
-
SHA512
85729a97e3cce1e88a86e5df3a92e85b54fbb761dedb8ec1c79d5a7fd2b39e33311203e941c7877465a2f96b5703e014bd778d15ba1a379695302c33172e2dd0
-
SSDEEP
24576:mw3dpJlpvCPe9Mgr6fL6BoIlmXh7tXj/RiSK9:mCD1qgr6WiIgX9R9HC
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-