General
Target: New Quotation.7z
Size: 529KB
Sample: 230130-tmc2gsba55
MD5: 534cb6d1c5084250caf5239d8e05db7a
SHA1: ef0b0b2a5d3ad30ca6e5bf615befb25c96a65a2a
SHA256: 497684ceabf5da3ee11efa2a7879022e8d23b4930428d32518ba8c884a1801ab
SHA512: 31de7d47bdcbb97b68ee42cf210fadcc786ce037506b8773e50be94034bbe5845d6d3c31117eb26e46f472d8785b0cdf5f1a6962a83b5c71395766faaf5f51f0
SSDEEP: 12288:XXYCXcbNBnvB8UW5KgEot1aqAITTu2qiljwlBXj4d+kkzRv:nYGcDvB8B5dztIq9TT9pABXj4d+5lv
Static task: static1
Behavioral task: behavioral1
Sample: New Quotation.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: New Quotation.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.unrc.ir
Port: 587
Username: [email protected]
Password: Basiri@1334
Targets
Target: New Quotation.exe
Size: 735KB
MD5: 8dd1e01db55e06e3375a55cee3193009
SHA1: 898dc231d09beb2abc5de9202f23edd80c20be10
SHA256: fe867d208300886903bd50f715079f84291b6930c8b2aef827219b9689991f4f
SHA512: f5d64e51ac6b61ff62eb31724300a0d0cb260e6485f13d1c6fd6f10b6d8bfa80ac5b6a82f1d341e5200adf5048bd50e974bcb8aa73a8b707822384f2018628ce
SSDEEP: 12288:1wFkvEsa40+w0DtzsROLdrClNDndaIuxAe/CE1OOGOO/OOUYvY89QY6vTNUW5KgS:iUE4zsYxcNDndNuxAe/CEREYPvTNB5dS
Score: 10/10
Signatures
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Suspicious use of SetThreadContext