Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
blender-3.4.1-windows-x64.zip
-
Size
37.7MB
-
Sample
230202-l95q1sfg53
-
MD5
f6eb7c2454d338a9091d5fc6587697c5
-
SHA1
ee34e99ef60332991e674f97a06646cd339b8a26
-
SHA256
c86bf5719eb23f11675b17c37e43e0c0a76af143ff1e2dce815037ef8ecb9a42
-
SHA512
7f879c01f9f23a288bdeacdac0aa6c4ba2ebb3cdfc70e344ad9d1f44c4e8fa1ef044f1ab9db32a043c699e03120611c5e33d49033a7c26d89293ec69ee6220c8
-
SSDEEP
786432:Edn8DPEUWeuUsHjk1eEZAY4oMKWD89BUxUxN:EdmnHsHAxZAHKWI9BYUD
Malware Config
Targets
-
-
Target
blender-3.4.1-windows-x64.exe
-
Size
683.8MB
-
MD5
aedf8960317a0effcd89c5d816137067
-
SHA1
4e074a8e180a9d3248f5fceadf28ea4f7146b33e
-
SHA256
eeaaa0e20ba43f13e0b62862979abe7f50bb558a812fc4aa729e946fdbe54e98
-
SHA512
f1e7d861e01ebcc69cad9cceee712885ef1739a84923787bfe7d9e5e9e108b2721b2a1e916e4a33fa947ac84ed6010c1d32fdf0091b3a9ca7f34738a6be6981a
-
SSDEEP
3072:mcqqdOyJocZB0O7i4Cg3DILI48p8ERDuwBbEUA:T/dOyJovrg3/ppDuwBYU
Score10/10-
Detect PureCrypter injector
-
Modifies WinLogon for persistence
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-