Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f19775c320e51fe1f9d4bfbee4c1ae2bd949c65ddf7588f406cefe9ad3dbfc30
-
Size
499KB
-
Sample
221030-ckgs8agda3
-
MD5
92e36d600ecae197c77bbf2f9f8bdd90
-
SHA1
9e3827bc8921af6f2c49883931b415fd546570c1
-
SHA256
f19775c320e51fe1f9d4bfbee4c1ae2bd949c65ddf7588f406cefe9ad3dbfc30
-
SHA512
db228795357abf3f636b82133f6ce7e4a9c07808f3389a5de0b6c2f4d405a534db3a835324fbcdfd11cb53930038ab0a1bd0db203fbffc43ef799b5b909e8e10
-
SSDEEP
12288:QHeVNdfPk+wJbfaY/KdMr2cJNmMRkaYu6SMCMIKKugvkqY:QHednk+whn/iMfJ/kaySMCMIKQ8L
Malware Config
Targets
-
-
Target
f19775c320e51fe1f9d4bfbee4c1ae2bd949c65ddf7588f406cefe9ad3dbfc30
-
Size
499KB
-
MD5
92e36d600ecae197c77bbf2f9f8bdd90
-
SHA1
9e3827bc8921af6f2c49883931b415fd546570c1
-
SHA256
f19775c320e51fe1f9d4bfbee4c1ae2bd949c65ddf7588f406cefe9ad3dbfc30
-
SHA512
db228795357abf3f636b82133f6ce7e4a9c07808f3389a5de0b6c2f4d405a534db3a835324fbcdfd11cb53930038ab0a1bd0db203fbffc43ef799b5b909e8e10
-
SSDEEP
12288:QHeVNdfPk+wJbfaY/KdMr2cJNmMRkaYu6SMCMIKKugvkqY:QHednk+whn/iMfJ/kaySMCMIKQ8L
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-