General
Target
f7326a75d34f61448c295c69b18f70e4a6b61cb1309216da3d76c1860067ae6c
Size
388KB
Sample
221120-mwdaaaaa53
MD5
c0a89cca7440553df0f7f6f512fe6155
SHA1
d436f20942c482244e591b0fd96a73807e2e3c0a
SHA256
f7326a75d34f61448c295c69b18f70e4a6b61cb1309216da3d76c1860067ae6c
SHA512
4b5b13dd8231364d6deee2e730c1d02617a85e2d5dec51de5f1613e2f95c6800aed09e9b17209a9d5b5159bbe47b26875d98fe48fa724ec6667eb0ee5a31ca7a
SSDEEP
6144:qLurmZyXaw3bQ/4ugAT4auUZmbW+503i/nIr:7yMX54bluUgHU
Static task
static1
Behavioral task
behavioral1
Sample
f7326a75d34f61448c295c69b18f70e4a6b61cb1309216da3d76c1860067ae6c.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f7326a75d34f61448c295c69b18f70e4a6b61cb1309216da3d76c1860067ae6c.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
f7326a75d34f61448c295c69b18f70e4a6b61cb1309216da3d76c1860067ae6c
Score
10/10
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
ISR Stealer payload
NirSoft MailPassView
Password recovery tool for various email clients
NirSoft
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext