Overview
overview: Score 10/10
static: Score 1/10
CompleteSe...on.rar, windows7-x64: Score 3/10
CompleteSe...on.rar, windows10-2004-x64: Score 3/10
Full_PassWord.txt, windows7-x64: Score 1/10
Full_PassWord.txt, windows10-2004-x64: Score 1/10
Newest_Set...ey.rar, windows7-x64: Score 3/10
Newest_Set...ey.rar, windows10-2004-x64: Score 3/10
LicenseKey.txt, windows7-x64: Score 1/10
LicenseKey.txt, windows10-2004-x64: Score 1/10
SetupFile.exe, windows7-x64: Score 10/10
SetupFile.exe, windows10-2004-x64: Score 10/10
General
-
Target
CompleteSetup_Full_Version.rar
-
Size
17.0MB
-
Sample
230402-vv41lsah3z
-
MD5
bc6cb023f23e6d53f2f059d424f4738f
-
SHA1
898898c3325c384213d1d9c3daf75b0691bb7c02
-
SHA256
357fa83576ea6b70d17a9a22c049065817b89edad52a7a4cdcb4d2e9e0f9a0e0
-
SHA512
87790838ed68bd5c90f12a705a44bc9926a2be78c6511ac5a4ce4f27d51efc6a33e1fe9bf22f2a6089f40428ef236b231fa3d73d90d5dbdd7aee6db4d680aece
-
SSDEEP
393216:xVPeIaw7r0sXdzF6ANGfx4NmD8xo4rKAf9d92aMkOJSfa8TfZ77MX:xVPe9w7r0str3Nc8WmZcaPODAfZ77y
Static task: static1
Behavioral task behavioral1: Sample CompleteSetup_Full_Version.rar, Resource win7-20230220-es
Behavioral task behavioral2: Sample CompleteSetup_Full_Version.rar, Resource win10v2004-20230220-es
Behavioral task behavioral3: Sample Full_PassWord.txt, Resource win7-20230220-es
Behavioral task behavioral4: Sample Full_PassWord.txt, Resource win10v2004-20230221-es
Behavioral task behavioral5: Sample Newest_Setup_2023_As_PassKey.rar, Resource win7-20230220-es
Behavioral task behavioral6: Sample Newest_Setup_2023_As_PassKey.rar, Resource win10v2004-20230220-es
Behavioral task behavioral7: Sample LicenseKey.txt, Resource win7-20230220-es
Behavioral task behavioral8: Sample LicenseKey.txt, Resource win10v2004-20230220-es
Behavioral task behavioral9: Sample SetupFile.exe, Resource win7-20230220-es
Behavioral task behavioral10: Sample SetupFile.exe, Resource win10v2004-20230220-es
Malware Config
Extracted
raccoon
23883deb102ef0839fbfe8fcef1a5fc7
http://37.220.87.68
http://83.217.11.10
Targets
-
-
Target
CompleteSetup_Full_Version.rar
Score 3/10
-
-
Target
Full_PassWord.txt
-
Size
1.1MB
-
MD5
7fd66ca3b881ea3c12ba8463d1c5392f
-
SHA1
5639c4f7895f9c20e1bf310b6554d0ef80bdb9bb
-
SHA256
041a5d50e9a15622ba4d04b38f2474e3bd3df6a5035fb7d71efbc872bb8876bd
-
SHA512
40bf14ca1452fa6afed86e26b245ffbf428781b61dd25d16bba503efd8d416c3aab5b0ee7cfbd0cc9df3b7461caeba0ff1196b260fe591e63984da85aeb27844
-
SSDEEP
24:bZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZz:n
Score 1/10
-
-
Target
Newest_Setup_2023_As_PassKey.rar
-
Size
17.0MB
-
MD5
ea179d1c184f1e06ecdf6108d830e433
-
SHA1
b37571ad67cb43ccc1636405c79038c2bd1a4278
-
SHA256
00ff2c14c57fb9bfdf0a25f6c77195f3d8a61227388aca640586d00753a7acea
-
SHA512
3f376e5b54fcc465dad677012a40bbeb75096698cadeba4966bf0fcc94330c9aae3d14d235c536b83590d0d9fadf2f22a74e7c50b3694e88b9c1168489945fd0
-
SSDEEP
393216:tVPeIaw7r0sXdzF6ANGfx4NmD8xo4rKAf9d92aMkOJSfa8TfZ77M3:tVPe9w7r0str3Nc8WmZcaPODAfZ772
Score 3/10
-
-
Target
LicenseKey.txt
-
Size
198KB
-
MD5
7ecd140d52e88b065fcb7d16946b424c
-
SHA1
1e6dec0e0bf63ba76202501d1eb9ee511ac0a59d
-
SHA256
aeda454a0b1ade74b120e3261af6a5cee990fe95a5c4848c7dd6334841c335c3
-
SHA512
dc93dc4e57a9f1a0d2cf88a4975dd99edae025baa669112d93aae0c3b2c31c1f0960fc4724f2cf9d36a1adb167d3116620de3308e9d55f886bf831dd5147904f
-
SSDEEP
3:tW7pwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpww:k0
Score 1/10
-
-
Target
SetupFile.exe
-
Size
1023.0MB
-
MD5
3cd7c34bdce2201ec403163fa34bc67e
-
SHA1
87f1dd22c67315d6a823b244d6fe72758273c45a
-
SHA256
6d67096d24aef535924b065b49bc2f8b8dbe717d7e4ecae4e5daa45dcc2e193d
-
SHA512
c6c78986eb86ad2793215b187829d8b760047344ac6dfc9d5e38cc84035f7c20cd3c92435cce4b81157f0e4d942fdd97bbe9417a5241312399502f0ab585ef8d
-
SSDEEP
196608:NYzLzScvgh3AADZ7sMHEXBhb8Jrznl32LUTxqLrkSdNMjGYQcH7WTyCWxxPajesG:mjScvgh3A4dLHEx0rILKxC3+bGy96eyg
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-