General
- Target: file.exe
- Size: 231KB
- Sample: 221228-mkyf3sac22
- MD5: 65373ca1501ea5eee86d6cfec11e0b93
- SHA1: 2b256b6d19c48b79bec386037465dcfc6527d610
- SHA256: 06082ff07e6a1d8c0f9fa2096e866d63fafbac246b596a600ee28c3eb6b094bf
- SHA512: 666047807783b478d0b5132ebbf9c76f636336b8c15f1ea172482e337cf9086bedfb8bb38314f60572df34be651d5d5d26762c9c6ea98a2a1d4f625f9cb615f1
- SSDEEP: 3072:jy8GLffxhTV5C5eyhw1w0f2TpS7xeuISMphWPtYKs/xAI99:+LnHTa5K7fMQ7k1LW1YDZ
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Malware Config
Extracted: gozi
- 22500
- confisg.edge.skype.com
- http://s28bxcw.xyz
- config.edgse.skype.com
- http://89.43.107.7
- base_path: /recycle/
- build: 250249
- exe_type: loader
- extension: .alo
- server_id: 50
Extracted: amadey
- 3.63
- 62.204.41.165/g8sjnd3xe/index.php
Extracted: gozi
- 22500
- confisg.edge.skype.com
- http://s28bxcw.xyz
- http://89.43.107.7
- base_path: /recycle/
- build: 250249
- exe_type: worker
- extension: .alo
- server_id: 50
Targets
- Target: file.exe
- Detect Amadey credential stealer module
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext