General
Target: f0db4ce49381eaa871a8bb7301265136eef1f88a1c291b72022c8e94cdf8f97a
Size: 488KB
Sample: 221126-r3etxabd45
MD5: e0968638796261d3bd533c7f452095c0
SHA1: 60b9e96a5d6e5cbf71a01e0530b89115f051a960
SHA256: f0db4ce49381eaa871a8bb7301265136eef1f88a1c291b72022c8e94cdf8f97a
SHA512: e0890b6464f9a2d3ccf1c09b99c8d2fdb16f554b483e6480d896ffb10e314ea7908c1a9d4f4740cb4eb1eea5eae29e4ad1e7a21f3f3950d5d0198f1079153d45
SSDEEP: 12288:Y+j2RX5IOHj2XY0uo7vKzB1/xmXke2ovXtf0RS2w3CD9:Y+jS5IOD2I0h7v0B1/Wke2atf0ZwyD
Static task: static1
Behavioral task: behavioral1
Sample: f0db4ce49381eaa871a8bb7301265136eef1f88a1c291b72022c8e94cdf8f97a.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: f0db4ce49381eaa871a8bb7301265136eef1f88a1c291b72022c8e94cdf8f97a.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: f0db4ce49381eaa871a8bb7301265136eef1f88a1c291b72022c8e94cdf8f97a
Size: 488KB
MD5: e0968638796261d3bd533c7f452095c0
SHA1: 60b9e96a5d6e5cbf71a01e0530b89115f051a960
SHA256: f0db4ce49381eaa871a8bb7301265136eef1f88a1c291b72022c8e94cdf8f97a
SHA512: e0890b6464f9a2d3ccf1c09b99c8d2fdb16f554b483e6480d896ffb10e314ea7908c1a9d4f4740cb4eb1eea5eae29e4ad1e7a21f3f3950d5d0198f1079153d45
SSDEEP: 12288:Y+j2RX5IOHj2XY0uo7vKzB1/xmXke2ovXtf0RS2w3CD9:Y+jS5IOD2I0h7v0B1/Wke2atf0ZwyD
Signatures
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
- ISR Stealer payload
- Modifies firewall policy service
- NirSoft MailPassView
  Password recovery tool for various email clients.
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext