General
- Target: e55848ba56fa4c8d03509dbc75c00aef7e4f91a19144eb39799ae96589c40486
- Size: 516KB
- Sample: 221128-bb275acc64
- MD5: bbd539c2f5907147c24614a1ed21de90
- SHA1: d3d5df580586d2bbab8eba1b7e0271828b37580e
- SHA256: e55848ba56fa4c8d03509dbc75c00aef7e4f91a19144eb39799ae96589c40486
- SHA512: da310805d1fdfb4d4bbad1ddd9daa8ab611f914d33f1dcbc23a8d16c71759aadecd485f67fc1fc017e297d28c1bc80fb7eaec5ef99a0b75b8849a011871a9e96
- SSDEEP: 6144:IlcfoLCm2AhVyVycDr3XiEDl+M8iFvjMlieJD6m/qNHcn7:MGSCmiVVD5Dl+yjMAq6rp2
Static task: static1
Behavioral task: behavioral1
- Sample: e55848ba56fa4c8d03509dbc75c00aef7e4f91a19144eb39799ae96589c40486.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: pony
- C2 gate URL (Pony posts harvested credentials to this gate over HTTP): http://91.220.163.21/pony2/gate.php
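The extracted configuration gives one network indicator, the Pony gate URL. The following is an added example, not part of the Triage report: it derives host and path indicators from that URL and runs them over a few proxy log lines. The log lines and their format are constructed for illustration; the only value taken from the report is the URL.

```python
"""Turn the extracted Pony gate URL into indicators and match proxy log lines.

Added example. The log lines and the log format below are constructed for
illustration and do not come from the Triage report.
"""
import ipaddress
import re
from urllib.parse import urlparse

# C2 gate URL from the "Malware Config / Extracted" section of the report.
PONY_GATE_URL = "http://91.220.163.21/pony2/gate.php"


def indicators_from_gate(url: str) -> dict:
    """Derive host/path indicators from a Pony gate URL.

    The gate is where the stealer POSTs harvested credentials, so the useful
    indicators are the host (a bare IP here, so there is no DNS name to watch),
    the exact URL, and the path, which operators often keep when the panel is
    moved to a new host.
    """
    p = urlparse(url)
    host = p.hostname or ""
    try:
        ipaddress.ip_address(host)
        host_is_ip = True
    except ValueError:
        host_is_ip = False
    return {"url": url, "host": host, "host_is_ip": host_is_ip, "path": p.path}


# Constructed proxy log lines: "<unix ts> <client> <method> <url> <status>".
SAMPLE_LOG = """\
1669600001 10.0.0.5 POST http://91.220.163.21/pony2/gate.php 200
1669600002 10.0.0.5 GET http://example.com/index.html 200
1669600003 10.0.0.7 POST http://203.0.113.9/pony2/gate.php 200
1669600004 10.0.0.9 GET http://91.220.163.21/ 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def match_log(log_text: str, ind: dict) -> list:
    """Return one hit per log line that touches the C2 host or reuses the gate path.

    An exact URL match (or same host and path) is scored "high"; the same host
    with another path, or the same path POSTed to a different host, is "medium".
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        rec = m.groupdict()
        p = urlparse(rec["url"])
        same_host = p.hostname == ind["host"]
        same_path = p.path == ind["path"]
        if rec["url"] == ind["url"] or (same_host and same_path):
            level = "high"
        elif same_host or (same_path and rec["method"] == "POST"):
            level = "medium"
        else:
            continue
        hits.append({"client": rec["client"], "url": rec["url"], "level": level})
    return hits


if __name__ == "__main__":
    ind = indicators_from_gate(PONY_GATE_URL)
    for hit in match_log(SAMPLE_LOG, ind):
        print(hit)
```

Because the gate is a bare IP there is no domain to block or sinkhole, so the host match is all the DNS layer can give you. Matching a POST to the `/pony2/gate.php` path on any host catches the same panel redeployed elsewhere at the cost of some false positives, which is why that case is scored medium rather than high.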
Targets
- Target: e55848ba56fa4c8d03509dbc75c00aef7e4f91a19144eb39799ae96589c40486
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system. Note that these are registry reads: Sysmon's registry events (12, 13, 14) only record key creation, value writes and renames, so catching this on a host requires object access auditing (a SACL on the key, Security event 4663) or API-level monitoring.
- Suspicious use of SetThreadContext
  Overwriting another thread's register context is the step in process hollowing and thread hijacking that redirects execution into injected code; the signature alone does not identify the target process.