General
Target: Details4373.iso
Size: 724KB
Sample: 221031-mw29eaafg3
MD5: c5c8f78c469c4f9eb90712e9b0214e4c
SHA1: 672a55028d94fe8983360323cd68445f3090b2ac
SHA256: 566a9acc2dc021dea88e87291b6a384066ac91b4b04cb4cb13dbe69287f982a9
SHA512: 11cf23e27632a16f650697009d51789c05656a376da535d70d7d5698a1d7a1bd52a55539211afe6e068201b0e216541aefd8496b965ff19ce166c0752f884b9b
SSDEEP: 12288:u3wdOcUwDOMHHCgOWeOaqdD/sblafl4M/8toGXJZ6diNjqo8Ywr6t57AKC:Ow4wrHHCgOWeOaqdclafl4eGXuiNZ8Y8
Tasks
Static task: static1
Behavioral task behavioral1: Sample Details.lnk, Resource win7-20220901-en
Behavioral task behavioral2: Sample Details.lnk, Resource win10v2004-20220901-en
Behavioral task behavioral3: Sample disallowable/missives.cmd, Resource win7-20220812-en
Behavioral task behavioral4: Sample disallowable/missives.cmd, Resource win10v2004-20220812-en
Behavioral task behavioral5: Sample disallowable/unstrap.dll, Resource win7-20220812-en
Malware Config
Extracted
Family: qakbot
Version: 404.2
Botnet: BB04
Campaign: 1666863946
C2:
27.110.134.202:995
1.156.220.47:17155
186.188.80.134:443
1.190.199.101:9480
187.1.1.181:42178
118.200.83.226:443
187.0.1.144:51727
193.3.19.137:443
1.201.68.209:12157
188.49.56.189:443
187.0.1.14:58271
190.74.248.136:443
201.210.92.3:2222
187.0.1.105:40325
64.123.103.123:443
41.97.169.44:443
72.88.245.71:443
187.0.1.45:59049
41.100.163.127:443
187.0.1.83:62527
175.205.2.54:443
187.0.1.201:63844
71.199.168.185:443
187.0.1.105:40278
186.18.210.16:443
101.109.44.197:995
187.0.1.181:11298
24.177.111.153:443
184.159.76.47:443
187.0.1.105:39831
93.156.96.171:443
Salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
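The extracted config above is the part of this report most analysts will act on: the C2 list becomes blocklist entries and IDS rules, and the campaign value is a Unix timestamp that dates the build. The following is an added example, not part of the Triage report or of any Triage tooling. The family, version, botnet, campaign timestamp and C2 entries are copied from the config above; the port allow-list (COMMON_PORTS), the private SID range, the rule text and the function names are this example's own assumptions.

```python
"""Normalize the Qakbot config extracted above into IOCs and Suricata rules.

Added example, not part of the Triage report. Config values are transcribed
from the page; COMMON_PORTS, the SID base and the rule wording are assumptions.
"""
from collections import Counter
from datetime import datetime, timezone
import ipaddress

# Transcribed from the extracted config on this page.
CONFIG = {
    "family": "qakbot",
    "version": "404.2",
    "botnet": "BB04",
    "campaign": 1666863946,  # Unix timestamp, seconds
    "c2": [
        "27.110.134.202:995", "1.156.220.47:17155", "186.188.80.134:443",
        "1.190.199.101:9480", "187.1.1.181:42178", "118.200.83.226:443",
        "187.0.1.144:51727", "193.3.19.137:443", "1.201.68.209:12157",
        "188.49.56.189:443", "187.0.1.14:58271", "190.74.248.136:443",
        "201.210.92.3:2222", "187.0.1.105:40325", "64.123.103.123:443",
        "41.97.169.44:443", "72.88.245.71:443", "187.0.1.45:59049",
        "41.100.163.127:443", "187.0.1.83:62527", "175.205.2.54:443",
        "187.0.1.201:63844", "71.199.168.185:443", "187.0.1.105:40278",
        "186.18.210.16:443", "101.109.44.197:995", "187.0.1.181:11298",
        "24.177.111.153:443", "184.159.76.47:443", "187.0.1.105:39831",
        "93.156.96.171:443",
    ],
}

# Ports this family is most often seen beaconing to (an assumption for triage,
# not something the report states); entries on other ports are listed for review.
COMMON_PORTS = {443, 995, 2222, 32103}


def parse_c2(entry):
    """Split 'ip:port', validating both halves; raises ValueError on garbage."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {entry!r}")
    ip = ipaddress.ip_address(host)      # ValueError if not an IP literal
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"bad port in {entry!r}")
    return ip, port


def campaign_date(ts):
    """Qakbot's campaign field is a Unix timestamp; render it as UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def summarize(config):
    """Counts, duplicates and oddities an analyst wants before publishing IOCs."""
    entries = [parse_c2(e) for e in config["c2"]]
    return {
        "entries": len(entries),
        "unique_ips": len({ip for ip, _ in entries}),
        "ports": Counter(port for _, port in entries),
        "non_global": [str(ip) for ip, _ in entries if not ip.is_global],
        "review": [f"{ip}:{port}" for ip, port in entries if port not in COMMON_PORTS],
        "campaign_utc": campaign_date(config["campaign"]).isoformat(),
    }


def suricata_rules(config, sid_base=9000000):
    """One outbound TCP rule per C2 entry; sid_base is a local, private SID range."""
    rules = []
    for i, entry in enumerate(config["c2"]):
        ip, port = parse_c2(entry)
        msg = f"MALWARE {config['family']} {config['botnet']} C2 {ip}:{port}"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    s = summarize(CONFIG)
    print(s["entries"], "entries,", s["unique_ips"], "unique IPs, campaign", s["campaign_utc"])
    print("ports:", dict(s["ports"]), "review:", s["review"])
    print("\n".join(suricata_rules(CONFIG)))
```

The list holds 31 entries but only 29 distinct addresses (187.0.1.105 appears three times on different ports), which matters if the blocklist is keyed by IP rather than by ip:port, and the campaign timestamp resolves to 2022-10-27 09:45:46 UTC, four days before the sample was submitted. The review list is only a triage aid: a port outside COMMON_PORTS is not evidence of anything by itself.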
Targets
Target: Details.lnk
Size: 1KB
MD5: 650ab02e3958983f7f94f53f5f7577ad
SHA1: 67f7feb7162ed825e27c69d36435fa9976fddd75
SHA256: 6793028a0e990e74e4283d13a1ca3f4f41f3917eb38ce43b9baebe8e040b4ee2
SHA512: ea96c138ea9d262df35e0d70af6531e1a6246796e5ee4118718555ff88af7c76fc92dc40b1c4ea015772cd2c18fb95d6eb9d7200ab5e07b2ec09482a46b80c06
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL

Target: disallowable/missives.cmd
Size: 384B
MD5: cc23679a6d228423e5425de92a61818f
SHA1: b44361210f5717575cacd871deda59ae14bb052a
SHA256: 0d54088373e1d0ff51f7f9b90ddaf3cc2c973dc7d5b1d5b5ef18a2e496a1059e
SHA512: c404ed7fffd1c0a62aef71b840b357d9044e16a73ab452b7dc5600d2cb8d25e5c4b152cbbdb461aecaa90ae76e3dfa9a3a9ff72a687116c64da9d379dbf6191d
Score: 1/10

Target: disallowable/unstrap.dat
Size: 422KB
MD5: a989f5efe8fa1653bb98b7c2265900af
SHA1: f5925cf7d38626d13694ef180e811f25ae583cf6
SHA256: 5679c1eedb7d456cd5dd32cba5bed141787d354a384f4961f16bd96eb2ea383b
SHA512: b8af781775c310ae4442d6d3f766b86e196da277e3ed1496e47d2103f469c42f4d74df917811cc505eb1c9ff3063ceee5257041ebd3018ce27260d85cef62c0c
SSDEEP: 12288:eqdD/sblafl4M/8toGXJZ6diNjqo8Ywr6t57AKC:eqdclafl4eGXuiNZ8Ye6c
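The SSDEEP signature of unstrap.dat and the one reported for the ISO under General use the same block size (12288) and share a long run in their first chunk hashes, which is consistent with the DAT's bytes sitting contiguously inside the image. ssdeep will only score two signatures at all when their chunk hashes at a compatible block size share a common substring of at least 7 characters (its rolling-window size). The following is an added example, not part of the Triage report or of the ssdeep project; both signatures are copied from this page, and the function names are this example's own. It reproduces only that common-substring gate, not ssdeep's edit-distance score, so it answers "could these be related" rather than "how similar are they".

```python
"""Check whether two SSDEEP signatures pass ssdeep's common-substring gate.

Added example, not part of the Triage report or of ssdeep. Signatures are
copied from this page; ROLLING_WINDOW is ssdeep's constant; helper names are
this example's own. Only the gate is reproduced, not the similarity score.
"""

ROLLING_WINDOW = 7  # ssdeep requires a common run at least this long before scoring

# Copied from the report: the ISO (General section) and disallowable/unstrap.dat.
ISO_SSDEEP = ("12288:u3wdOcUwDOMHHCgOWeOaqdD/sblafl4M/8toGXJZ6diNjqo8Ywr6t57AKC"
              ":Ow4wrHHCgOWeOaqdclafl4eGXuiNZ8Y8")
DAT_SSDEEP = "12288:eqdD/sblafl4M/8toGXJZ6diNjqo8Ywr6t57AKC:eqdclafl4eGXuiNZ8Ye6c"


def parse_ssdeep(sig):
    """Split 'blocksize:hash1:hash2' into (int, str, str)."""
    blocksize, h1, h2 = sig.split(":", 2)
    return int(blocksize), h1, h2


def longest_common_substring(a, b):
    """Length of the longest common substring of a and b (O(len(a)*len(b)) DP)."""
    best = 0
    prev = [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def comparable_chunks(sig_a, sig_b):
    """Chunk-hash pairs ssdeep would compare, following its block-size rule:
    equal block sizes compare hash1/hash1 and hash2/hash2; a signature whose
    block size is exactly double the other's compares its hash1 against the
    other's hash2; anything else is incomparable and scores 0."""
    ba, a1, a2 = parse_ssdeep(sig_a)
    bb, b1, b2 = parse_ssdeep(sig_b)
    if ba == bb:
        return [(a1, b1), (a2, b2)]
    if ba == 2 * bb:
        return [(a1, b2)]
    if bb == 2 * ba:
        return [(a2, b1)]
    return []


def common_runs(sig_a, sig_b):
    """Longest common run for each comparable chunk pair."""
    return [longest_common_substring(x, y) for x, y in comparable_chunks(sig_a, sig_b)]


def passes_ssdeep_gate(sig_a, sig_b):
    """True if any comparable chunk pair shares a run of ROLLING_WINDOW or more."""
    return any(n >= ROLLING_WINDOW for n in common_runs(sig_a, sig_b))


if __name__ == "__main__":
    print("common runs:", common_runs(ISO_SSDEEP, DAT_SSDEEP))
    print("passes gate:", passes_ssdeep_gate(ISO_SSDEEP, DAT_SSDEEP))
```

For these two signatures the first-chunk hashes share a 38-character run (all of the DAT's first chunk hash except its leading character) and the second-chunk hashes a 17-character run, far above the 7-character threshold. Run this the other way round, against an unrelated file's signature, and the gate fails before any scoring would happen.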