Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bf7b28989ddb52cfbbc4bc58acdd33121fe8d95f081185f825ca05085789a5bd
-
Size
684KB
-
Sample
221029-3vrpaachhj
-
MD5
a2956dfca9be381f1184f9ce81845ab0
-
SHA1
a92d3c8c18b08f1fa2be87d850799c6c271bb8ec
-
SHA256
bf7b28989ddb52cfbbc4bc58acdd33121fe8d95f081185f825ca05085789a5bd
-
SHA512
4fd4c221910cb6d1f577fa427e479ba677c77c592f6b0cca6cb94081357cc56c185df5d233614a1bd867de60520b3320c8b5e0fce7297504e2cda5985bc07789
-
SSDEEP
12288:UpgvmzFHi0mo5aH0qMzd5807F4PJQPDHvd:UpgvOHi0mGaH0qSdPFq4V
Malware Config
Targets
-
-
Target
bf7b28989ddb52cfbbc4bc58acdd33121fe8d95f081185f825ca05085789a5bd
-
Size
684KB
-
MD5
a2956dfca9be381f1184f9ce81845ab0
-
SHA1
a92d3c8c18b08f1fa2be87d850799c6c271bb8ec
-
SHA256
bf7b28989ddb52cfbbc4bc58acdd33121fe8d95f081185f825ca05085789a5bd
-
SHA512
4fd4c221910cb6d1f577fa427e479ba677c77c592f6b0cca6cb94081357cc56c185df5d233614a1bd867de60520b3320c8b5e0fce7297504e2cda5985bc07789
-
SSDEEP
12288:UpgvmzFHi0mo5aH0qMzd5807F4PJQPDHvd:UpgvOHi0mGaH0qSdPFq4V
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-