General
-
Target
ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc
-
Size
4.9MB
-
Sample
221031-fpr2jabaaq
-
MD5
1c4087ef9d965705c2677399b3604bbc
-
SHA1
41b0db5350c7d90675e64634b2bb688b4dcf95e2
-
SHA256
ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc
-
SHA512
aca1141fef756ca5ed1dc17527087e406fda9ee8afa566292ffb1634d5e034799e49f0a6c378bf040850dff683445201d90dcf593561934b77fd1146b7c6d320
-
SSDEEP
98304:RcD7ZudP8yqlboyy2b9yNBg1XKHuTfrbDLio2gVQy5jwNmhzQEPd:uDkEyqlbDfb9yrOzHiold/J
Static task
static1
Behavioral task
behavioral1
Sample
L2NPC/HFExt.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
L2NPC/HFExt.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
L2NPC/L2NPC.exe
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
L2NPC/L2NPC.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
L2Server/GGauth70.dll
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
L2Server/GGauth70.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
L2Server/HFExt.dll
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
L2Server/HFExt.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
L2Server/L2Server.exe
Resource
win7-20220901-en
Behavioral task
behavioral10
Sample
L2Server/L2Server.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral11
Sample
L2Server/Loader.exe
Resource
win7-20220812-en
Behavioral task
behavioral12
Sample
L2Server/Loader.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
L2NPC/HFExt.dll
-
Size
1.1MB
-
MD5
771a913655b7cf44986878a2310642c3
-
SHA1
29cfb5009cfb7020d9037999b56cc7a976183af5
-
SHA256
b21aad37dce35c48b2774f0de2ed19e48f1cb1146c3ba553778d208a19178815
-
SHA512
071fdfad4c5f371f4366c6f8834c901ddc3ff5b898d10702063183ee767c71b2d616741e1bc161c42240126b785798dc4b2081088f33e95ccaf31286ed781c22
-
SSDEEP
24576:gDV22RQmpUoTJ++KBSlWndFT+PmmRpjDo98gk6NjBdwFSStQwla/Mwmq1/VQvlwl:gDV22RQJoTJ++/lyT+PmmRpnkNjBdwFq
Score 1/10
-
-
Target
L2NPC/L2NPC.exe
-
Size
3.0MB
-
MD5
600a18faebf9f776e6da00130c6c158c
-
SHA1
c1a7ca76a50dea5938615ae247aba2bffe8c3740
-
SHA256
70ca305182907b39e56373a6ef7d43adbb668e86983afd1b851a5640954950ca
-
SHA512
0f47ea1f15e43a5bb41169e8032de8d3e58e444860fb7eebb45bc496b403e1000863241ad89dfe5e5347cdb12a5ae013ee0173e69b0bc26e79a8af7d9929b59b
-
SSDEEP
49152:y8kv1/vPS8dBzeuKsmri+wnbQLkVlRI4V2RaJLSoRkxjUzg+p9wr:+pBRnwJUzg+p9
Score 3/10
-
-
Target
L2Server/GGauth70.dll
-
Size
111KB
-
MD5
08e77144afb763a659c9350a7dc1c7b3
-
SHA1
9e01ed7633f1b311546c01799bf21dbafcb67767
-
SHA256
c4a81a32a4d39829057d66fdfa8dd40bc24c30b9ce287d0727cb4c0e82e6ea93
-
SHA512
acecd1a7d1a362509933834c073f9850253f3c7ed14daec5ffdbd1fee2a618fffbe2c1c8365c228031feb3bd784c2f2746e5dc870fbc17ca7caa84b7cfd1e552
-
SSDEEP
1536:67MzvhXY4EbVCOBJFHsdSYEMEXjIUqR9AAeTnzxEPRd/PzxD/sTIi50Cd1JA87E9:gqXdEbMGHsdS8iE87EgcqDDyr4oP
Score 3/10
-
-
Target
L2Server/HFExt.dll
-
Size
1.1MB
-
MD5
771a913655b7cf44986878a2310642c3
-
SHA1
29cfb5009cfb7020d9037999b56cc7a976183af5
-
SHA256
b21aad37dce35c48b2774f0de2ed19e48f1cb1146c3ba553778d208a19178815
-
SHA512
071fdfad4c5f371f4366c6f8834c901ddc3ff5b898d10702063183ee767c71b2d616741e1bc161c42240126b785798dc4b2081088f33e95ccaf31286ed781c22
-
SSDEEP
24576:gDV22RQmpUoTJ++KBSlWndFT+PmmRpjDo98gk6NjBdwFSStQwla/Mwmq1/VQvlwl:gDV22RQJoTJ++/lyT+PmmRpnkNjBdwFq
Score 1/10
-
-
Target
L2Server/L2Server.exe
-
Size
12.6MB
-
MD5
8235a379be7a063b9d90a38e276cbb30
-
SHA1
b6174fc0b2de1aecb09c12fc73e9369e5a5b95c5
-
SHA256
203e3300d1e76dbc45e0c0e1b5d0e0388e1143924333398954016c6003b45511
-
SHA512
3f30fb08ee92a73a3a19dc22c3440b2afef2a5babc735dfdea04021180440b5baaf444d975c9bae502c73fe823ce9d0f419dd71ffdc9960f655071130e3152c3
-
SSDEEP
98304:FayXbXfSoVXB8H7cyxOhtwTN2EBLBYFZpECfzIKOQG8GHk91bBqnA4WgX32daeH3:FlXbPDVXB27cXtwTN2EFBIFzIRQLmeH3
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
L2Server/Loader.exe
-
Size
7.2MB
-
MD5
fa7d5c4c0d738f90cfb4cce4e5164570
-
SHA1
0e3764f87d5875de0929efcff684091372ed3086
-
SHA256
e2f4ce4f66cf6e537485203b2ea299c8b22c1c577ba4da94080312a6f5c228fd
-
SHA512
4a046d1c105e3f5d08550eff955e1e1199e5510fb3cfdb8afef9af64bdee5d9a09ce520dc6307b21cc674805bac5ae054908638c0ddf51f8104ea74c839d0007
-
SSDEEP
49152:gSjCbvvRJsvifKhO+KFZ6X8Cdt2bHu6ECnOzgdAA0OtI2HUVUrKDbRpjmLLZsUeT:mbvRJQKFZ6X2zxKnRp8Z0j3r4Fox08
Score 3/10