General
- Target: a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978
- Size: 988KB
- Sample: 221127-sqcpfsbg9y
- MD5: 43bce7d2d4566464370caaed1ddc3e8d
- SHA1: d141faa5ec358cdf27d46abb00ab42b09d8b7561
- SHA256: a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978
- SHA512: 99fac90d8c38faea3cb58e78814d24c60e42788b6159c94bd7f87ce026f0beccf4994a2accec4b04b2825067d37fd02c88e930ae49d5afc45e90771a9b64dff7
- SSDEEP: 24576:TIEd98/23P+JcpDNTRK/yr4+OCx9fr4WdH:cEdC/QWETKvEyWt
Static task: static1
Behavioral task: behavioral1
- Sample: a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: a6b8782fa479cb68fd3643ea41941de8d7fc5b1d01c30d5e52aa264110b89978 (988KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext