Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bd47dad114f41aa8f1497229446d683afe96ba9617959ec0caccfb2ffe6b5254
-
Size
833KB
-
Sample
221203-rhch2sgb55
-
MD5
ef340e8cf4f94565b1d75b56badb3b9d
-
SHA1
e9c8892e1978d20ad65398bfa873afac3d937fa7
-
SHA256
bd47dad114f41aa8f1497229446d683afe96ba9617959ec0caccfb2ffe6b5254
-
SHA512
5b6c11178e9eb3e965db330be5d88a218490834f8a2a89d4f1247a93322f9d52fef193b3e000c1853f06caed23231d6bd71af3ed9c42e2c1d7932c9d2f821731
-
SSDEEP
1536:ybcbXVDMo9fgw5Y0ZlUmp/xLVQ8GW9AWPdApTbJ7mLcaQ9yrKYcU:yWMot5Y0Z2enQ8G0AVpTTaOyrv
Malware Config
Targets
-
-
Target
bd47dad114f41aa8f1497229446d683afe96ba9617959ec0caccfb2ffe6b5254
-
Size
833KB
-
MD5
ef340e8cf4f94565b1d75b56badb3b9d
-
SHA1
e9c8892e1978d20ad65398bfa873afac3d937fa7
-
SHA256
bd47dad114f41aa8f1497229446d683afe96ba9617959ec0caccfb2ffe6b5254
-
SHA512
5b6c11178e9eb3e965db330be5d88a218490834f8a2a89d4f1247a93322f9d52fef193b3e000c1853f06caed23231d6bd71af3ed9c42e2c1d7932c9d2f821731
-
SSDEEP
1536:ybcbXVDMo9fgw5Y0ZlUmp/xLVQ8GW9AWPdApTbJ7mLcaQ9yrKYcU:yWMot5Y0Z2enQ8G0AVpTTaOyrv
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-