General
- Target: 1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660
- Size: 149KB
- Sample: 221128-g8s9dagd9t
- MD5: 13e1538d403a3618db92ad0700f08b5f
- SHA1: 1587263acf5a662d8f2f202c36bedec0cbf02b2e
- SHA256: 1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660
- SHA512: 5b895dbcba1a1fc98e849b1dbb5f9b0842577fe1e1fa827c61d428d75e5c03f039479be77ffc5eee83e520ff9f7d6843aa5020cae902e4e84c1c505c67ce9014
- SSDEEP: 3072:3VhJZAxYQRZEPtEhdny8G3j28ffU1xZfVZFcmIdkbsuPXMbGNonigN:3VhJ+O8YtEhAw8XU1DPVQu02Ui
Static task: static1
Behavioral task: behavioral1
- Sample: 1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660.exe
- Resource: win7-20221111-en
Malware Config
Extracted: pony
- http://ocvitcamap.com/administrator/lib/cheapoakley.php
- http://spark-leds.com/upload/images/images.php
- http://sapacmold.com/img/t/t.php
- http://www.ubikate.mx/wp-includes/images/images.php
- http://www.ebouw.nl/wp-includes/pomo/pomo.php
- http://www.getserved.nl/wp-content/themes/themes.php
- http://www.multiposting.nl/wp-includes/theme-compat/ips_kernel.php
Targets
- Target: 1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660
- Size: 149KB
- MD5: 13e1538d403a3618db92ad0700f08b5f
- SHA1: 1587263acf5a662d8f2f202c36bedec0cbf02b2e
- SHA256: 1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660
- SHA512: 5b895dbcba1a1fc98e849b1dbb5f9b0842577fe1e1fa827c61d428d75e5c03f039479be77ffc5eee83e520ff9f7d6843aa5020cae902e4e84c1c505c67ce9014
- SSDEEP: 3072:3VhJZAxYQRZEPtEhdny8G3j28ffU1xZfVZFcmIdkbsuPXMbGNonigN:3VhJ+O8YtEhAw8XU1DPVQu02Ui
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext