General

  • Target

    Checkers GOOD.rar

  • Size

    46.3MB

  • Sample

    230205-t85zdsde5y

  • MD5

    77a2d24a0ee11a7116a5c8c01ada0352

  • SHA1

    8927aa2e78308ea5c40d5a567a12dc6215c808dd

  • SHA256

    ac86a4c56421cbe12257e2bf68d282f1309ea3d9fa96358938255708039d4cfa

  • SHA512

    91bd504a56950e3d6cc50cf2c2d35eb9c70ac02830ee017c12b42d40fbf3ba6419a31c9c5389c030b7c925b4527ab3327b53e2f85c1a913a26b94ddedface618

  • SSDEEP

    786432:6Ei0stuH2MDqQ0i091Ub4PDrfHRlszd+zAv44mL+fryeBZa8/snKtV3t0M1Gi:suw9Cb4n85VNfryeBZa80nKtVd

Targets

    • Target

      Checkers GOOD/Bin checker V5.2/Gen.exe

    • Size

      8.3MB

    • MD5

      e26dba74134563a5923a324c982c815f

    • SHA1

      b972cceb5e274709ba0f2026205422bdb6532fcf

    • SHA256

      77310fc015a21162faaeb76d0b70078ea23178e2208fb92e39f2aae44aaed39b

    • SHA512

      7bced0da84a5602e1dd3abf186074b44ace0d3481475039e3b8b67411751e170e824facbc8259fac92af23812ba68d5f4eebd85b741a6146f462f187d9bf6f37

    • SSDEEP

      196608:zDypb7KX/HdpSEeNT9iBqcEOVc1tYPQksBq:yYXP+7ELVEtT

    Score: 9/10
    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Checkers GOOD/Crunchyroll Cheker/Crunchyroll.exe

    • Size

      310KB

    • MD5

      58f8fa9fdf9d8e49769d8dad44e1a245

    • SHA1

      6972f73f6e134bd5e3cdc7915036268a25723498

    • SHA256

      dc64c24820e7239566bf553379088cdac1a17fd8b2a69772895c19d766dc6b35

    • SHA512

      1c113a2412bc5ab76f29acf376d8ad4f5c2061f3a48c0501d5f549de7fff4407e6dc2847aed18b0f5a528ae0df3bb64eb006f0e8a58bf419de3e3d5aef6b6fee

    • SSDEEP

      6144:ZcA2GdeSIH/eQSCg3x0QIeFpq2ImBhUU7ZozomIgxuw9GSaOpq2p:ZjdZs/eQSCfQNUs7ZSIQuwgS

    Score: 1/10
    • Target

      Checkers GOOD/Disney checker/Disney+ [Dark Kraken Team].exe

    • Size

      97KB

    • MD5

      4a69704a613b251e7198d8bd729855d0

    • SHA1

      90fe5cd3042461ef1e49db4c847c31b0909a0e11

    • SHA256

      3fe495de3a7cc8aaf1df72f29c40c6d02fa6dccd1f113f4424193359e39f4d74

    • SHA512

      accd4a5512c0b812f4a1068fc8c8c4ac2182fda7203dec7b67c8c982a72c476e76be189f92d6bcf20b9a99783018a6b4aa7476913baa74ef5916cdee25ab3c59

    • SSDEEP

      1536:MKqrlGiczL+vCW8ax74vwoeFmQBmqfVRbC93hGaNufV:MKqrqL+vCW8i44RX8qfi931NSV

    Score: 1/10
    • Target

      Checkers GOOD/Netflix Cheker v9.6/NOERRORSAIO/N̶o̵E̶r̴r̸o̴r̸s̸A̷I̵O̶.exe

    • Size

      16.9MB

    • MD5

      34d1a41789d161c6666a434e1dd70187

    • SHA1

      142dc0a3b352f014c9cb725fe44472561eaf781a

    • SHA256

      1ec79c06681f3fdf0f4e167f10fb9d1909be4eda70c83a875d4e89f69ac73a0e

    • SHA512

      8bdea9469b924f9cf5b17070937cea43218cc7abe87d9d1a6e0bac806b8e830e604ee67c1b094a13ae4645c9b8e2d40ac37d2e9fc95bb0b47bf628e498411d2d

    • SSDEEP

      393216:WlCt+consp7o9c5hlE7KHxSkszlh2p6dPNuHi3SedFQ8dU9+cijj0:Wy+consp7IEh+keQp6XuHi3TjQ8S9Sjj

    Score: 7/10
    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Checkers GOOD/PornHub Checker HQ/Pornhub.exe

    • Size

      17KB

    • MD5

      32cc9567c01934eb3ae67d3c17fc8c37

    • SHA1

      c019a205e06100c222fb58cfcff8d2929b5a23a2

    • SHA256

      98d8fb543eafd1fea702eb5aaa54718b6ffd8aea71d8cc5c61535d76dcfd0760

    • SHA512

      fe1326a33e5d7a19fc49920d97ad280511987eccd8463b4282464fcf7f31f3b87be6f0b4c41a6db443b291d68b449c05d64fe11a45c8358f1fa3dee2ad9efce5

    • SSDEEP

      384:iUGsaaKAziaAWX2MzlTSim70NT8TSn+WSfKu:iUGyj6qpMfr

    Score: 1/10
    • Target

      Checkers GOOD/Spotify Checker Sylas Working/Spotify Checker.exe

    • Size

      795KB

    • MD5

      2dd25a5d7256481c9e132bd3be497e25

    • SHA1

      d08210e6eb33f8aee09fa78985008770d7bc0576

    • SHA256

      f7ac525a84edc3909de30475e993b41c034003c9304eed3536881f56ffc4b149

    • SHA512

      96686ff7dccb57492c4aa0236dfcb6a4bf18e0d62f67371112747391ce76ec5d099036afe1e4397b45ce61e4d7b2e246f8cc5d5b1ec502236f470965cc276fb6

    • SSDEEP

      12288:FJHdi/25l0H7fEs0XTKFw+nx0F5R+mwOcCf1OQZc3hIpfAl/AxhVf2i96ID:FJHdOGleEJXUwQ+5bdN0aEWfl9

    Score: 5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger
