General
- Target: a95ce284875645f9a3d03d5df48b51a04f6933b2cf10a.exe
- Size: 5.8MB
- Sample: 230206-q2zbgshd6y
- MD5: d00f2fedb3b345812dbeb9931d4806b6
- SHA1: 361648d679b3c2f8957fa45c2f29fe922204f542
- SHA256: a95ce284875645f9a3d03d5df48b51a04f6933b2cf10aff3cb0a094fb1e3f89d
- SHA512: be65349f5f85026fe4e1892b90d7f11f3a9e39440fb821391e67c4776aa638cb6086952adb719d223180f1cc345deb6977c882141afc31baab2b47aad539bcda
- SSDEEP: 98304:omyYbPZoUnM0BznCOKDxRWxnvNWJAq6R+Yxkzi0os:fZMcu0xVWJiVp0os
Static task: static1
Behavioral task: behavioral1
- Sample: a95ce284875645f9a3d03d5df48b51a04f6933b2cf10a.exe
- Resource: win7-20221111-en
Malware Config
Targets
- Target: a95ce284875645f9a3d03d5df48b51a04f6933b2cf10a.exe
- Size: 5.8MB
- MD5: d00f2fedb3b345812dbeb9931d4806b6
- SHA1: 361648d679b3c2f8957fa45c2f29fe922204f542
- SHA256: a95ce284875645f9a3d03d5df48b51a04f6933b2cf10aff3cb0a094fb1e3f89d
- SHA512: be65349f5f85026fe4e1892b90d7f11f3a9e39440fb821391e67c4776aa638cb6086952adb719d223180f1cc345deb6977c882141afc31baab2b47aad539bcda
- SSDEEP: 98304:omyYbPZoUnM0BznCOKDxRWxnvNWJAq6R+Yxkzi0os:fZMcu0xVWJiVp0os

Signatures
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext