General
-
Target
SecuriteInfo.com.Trojan.Mardom.MN.10.23111.3388.exe
-
Size
1.1MB
-
Sample
221103-rjed2abbh7
-
MD5
3c21079c403687f4339a136919931ef5
-
SHA1
05bb1260bbdc0d05460f41e2423691f7c044bbe9
-
SHA256
2088000ab7a60b6d9eb519d1da9d42934e908a9724ab6977bc853d30b7f96642
-
SHA512
1285f2e9b1fb1cf2785f88514542a8bf7beeed52558fa9fb49280e2c91b1e17ccfc514435969491cbd0cd0d4f9d29e7803eec248ca43e04ebf37d5f14d05bc38
-
SSDEEP
24576:LNlitFN9lSz5iPqjiX+Iv3GytN1YeZo82E+u6Sz73JEL:LvizNCzc2I/GYNj6zup5E
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Mardom.MN.10.23111.3388.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
u6hu
cp12326.com
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-