Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
susvir.exe
-
Size
66KB
-
Sample
230206-rgpf8aec37
-
MD5
28df9a92d49e842d38a1714f7a4066f0
-
SHA1
e747b57bfda77395a30245bb7573c4a1025e3046
-
SHA256
d122bf2d9b0225fab61da6ac2ea0cb8f58df8de0782c7e7d6d8683363e887f72
-
SHA512
59b027ac5d29d763888b437339a6484b367fb055be2c182146c49c87ce0a64a8ef21007db41bae6bcf2ebbc434695bdaafc083f3d6878eaf1a7cb476a423652f
-
SSDEEP
1536:ipfEKNCj6VoJl9Go5K7s4Nu3Am8ryEpdg0IP6nouy8:iVZ/VGS7rN+AFry50Iaout
Malware Config
Extracted
https://cdn.discordapp.com/attachments/1061066335255273553/1065810266320814180/pixel_sides_very_good.mp3
Extracted
https://cdn.discordapp.com/attachments/1061066335255273553/1065822549298126908/music.bat
Extracted
https://cdn.discordapp.com/attachments/1061066335255273553/1065807657358856232/no.bat
Extracted
https://cdn.discordapp.com/attachments/1061066335255273553/1065808951289065492/DO2.bat
Extracted
https://cdn.discordapp.com/attachments/1061066335255273553/1065808951624597555/virus.exe
Targets
-
-
Target
susvir.exe
-
Size
66KB
-
MD5
28df9a92d49e842d38a1714f7a4066f0
-
SHA1
e747b57bfda77395a30245bb7573c4a1025e3046
-
SHA256
d122bf2d9b0225fab61da6ac2ea0cb8f58df8de0782c7e7d6d8683363e887f72
-
SHA512
59b027ac5d29d763888b437339a6484b367fb055be2c182146c49c87ce0a64a8ef21007db41bae6bcf2ebbc434695bdaafc083f3d6878eaf1a7cb476a423652f
-
SSDEEP
1536:ipfEKNCj6VoJl9Go5K7s4Nu3Am8ryEpdg0IP6nouy8:iVZ/VGS7rN+AFry50Iaout
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-