General

  • Target

    a95ce284875645f9a3d03d5df48b51a04f6933b2cf10a.exe

  • Size

    5.8MB

  • Sample

    230206-q2zbgshd6y

  • MD5

    d00f2fedb3b345812dbeb9931d4806b6

  • SHA1

    361648d679b3c2f8957fa45c2f29fe922204f542

  • SHA256

    a95ce284875645f9a3d03d5df48b51a04f6933b2cf10aff3cb0a094fb1e3f89d

  • SHA512

    be65349f5f85026fe4e1892b90d7f11f3a9e39440fb821391e67c4776aa638cb6086952adb719d223180f1cc345deb6977c882141afc31baab2b47aad539bcda

  • SSDEEP

    98304:omyYbPZoUnM0BznCOKDxRWxnvNWJAq6R+Yxkzi0os:fZMcu0xVWJiVp0os
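A small triage script, added here as an example and not part of the tria.ge report or its tooling, that does the two things a practitioner wants from the hash block above: confirm that a file pulled from quarantine really is this sample by checking all four digests, and parse the SSDEEP line so that two fuzzy hashes are only compared when ssdeep could score them at all. The function names are mine; SAMPLE_IOCS copies the digests from the report, and SAMPLE_BYTES is a constructed placeholder (not the real binary) so the script runs offline.

```python
"""Triage helper for the report above: confirm that a local file really is the
sample the digests describe, and decide whether two ssdeep hashes are even
comparable before trusting a similarity score.

Added example, not tria.ge code.  SAMPLE_IOCS copies the digests from the
report; SAMPLE_BYTES is a constructed stand-in so the script runs offline
(the real 5.8MB binary is not embedded here)."""
import hashlib
import re
from dataclasses import dataclass

DIGESTS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report above.
SAMPLE_IOCS = {
    "md5": "d00f2fedb3b345812dbeb9931d4806b6",
    "sha1": "361648d679b3c2f8957fa45c2f29fe922204f542",
    "sha256": "a95ce284875645f9a3d03d5df48b51a04f6933b2cf10aff3cb0a094fb1e3f89d",
    "sha512": "be65349f5f85026fe4e1892b90d7f11f3a9e39440fb821391e67c4776aa638cb"
              "6086952adb719d223180f1cc345deb6977c882141afc31baab2b47aad539bcda",
    "ssdeep": "98304:omyYbPZoUnM0BznCOKDxRWxnvNWJAq6R+Yxkzi0os:fZMcu0xVWJiVp0os",
}

# Constructed stand-in for the sample bytes (not the real malware).
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not the real sample"


def compute_hashes(data: bytes) -> dict:
    """All four digests from one pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as compute_hashes, streamed so a multi-MB sample is not read at once."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def ioc_mismatches(hashes: dict, iocs: dict) -> list:
    """Names of digests that disagree with the report; [] means the file is the
    reported sample.  Check every digest, not just MD5: a report that lists
    SHA256/SHA512 gives you collision-resistant identity for free."""
    return [name for name in DIGESTS if hashes[name] != iocs[name].lower()]


_SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")


@dataclass(frozen=True)
class Ssdeep:
    block_size: int
    chunk: str         # signature computed with block_size
    double_chunk: str  # signature computed with 2 * block_size


def parse_ssdeep(text: str) -> Ssdeep:
    """Split 'blocksize:chunk:double_chunk' (the format of the SSDEEP line above)."""
    m = _SSDEEP_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an ssdeep hash: {text!r}")
    return Ssdeep(int(m.group(1)), m.group(2), m.group(3))


def comparable_chunks(a: Ssdeep, b: Ssdeep) -> list:
    """ssdeep only scores hashes whose block sizes are equal or differ by exactly
    2x; anything else is 0 by construction, not evidence of dissimilarity.
    Returns the (a_chunk, b_chunk) pairs that were computed at the same block size."""
    if a.block_size == b.block_size:
        return [(a.chunk, b.chunk), (a.double_chunk, b.double_chunk)]
    if a.block_size == 2 * b.block_size:
        return [(a.chunk, b.double_chunk)]
    if b.block_size == 2 * a.block_size:
        return [(a.double_chunk, b.chunk)]
    return []


def shares_7gram(x: str, y: str) -> bool:
    """ssdeep's pre-filter: with no common 7-character substring the score is 0."""
    grams = {x[i:i + 7] for i in range(len(x) - 6)}
    return any(y[i:i + 7] in grams for i in range(len(y) - 6))


def ssdeep_worth_scoring(h1: str, h2: str) -> bool:
    """True only if a full ssdeep comparison could return a non-zero score."""
    pairs = comparable_chunks(parse_ssdeep(h1), parse_ssdeep(h2))
    return any(shares_7gram(p, q) for p, q in pairs)


if __name__ == "__main__":
    observed = compute_hashes(SAMPLE_BYTES)
    print("mismatching digests:", ioc_mismatches(observed, SAMPLE_IOCS))
    print("ssdeep parsed:", parse_ssdeep(SAMPLE_IOCS["ssdeep"]))
```

Run `hash_file("/path/to/quarantined.exe")` through `ioc_mismatches` to verify identity; an empty list is the only acceptable answer. The ssdeep helpers implement only the comparability rules and the 7-gram pre-filter, not the edit-distance scoring itself, which is what the ssdeep library is for; their purpose is to stop a 0 score from a hash with an incompatible block size (24576 vs 98304, say) being read as "the files are unrelated".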

Targets

    • Target

      a95ce284875645f9a3d03d5df48b51a04f6933b2cf10a.exe

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to decide whether to run on this system.

    • Drops startup file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops an attached debugger from receiving events for that thread; a common anti-analysis technique.

    • Suspicious use of SetThreadContext

      Rewrites the register state of a thread (normally a suspended one); outside a debugger this is most often seen when a dropper redirects a child process's entry point into injected code, as in process hollowing.
