Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Discord_Raider.exe
-
Size
2.8MB
-
Sample
230413-vhwtgaeb6w
-
MD5
5238bf37a0c3a5501ecf2ede42e5f7e3
-
SHA1
08618aba7eae5b2b630871b62cd34b6f35a93af9
-
SHA256
736638cd73af6c935574c399d9df6734707935ec6a417adf9f399598dc5e8657
-
SHA512
e40a2d64155c01185818104b3ddf2e89ad4471977f0e8795718f6dbde043a2e152d3a004fcd52d518277c79d12678bfb930a328038db596fd8cd5b23d6fe6ea5
-
SSDEEP
49152:YsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:SqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs
Malware Config
Targets
-
-
Target
Discord_Raider.exe
-
Size
2.8MB
-
MD5
5238bf37a0c3a5501ecf2ede42e5f7e3
-
SHA1
08618aba7eae5b2b630871b62cd34b6f35a93af9
-
SHA256
736638cd73af6c935574c399d9df6734707935ec6a417adf9f399598dc5e8657
-
SHA512
e40a2d64155c01185818104b3ddf2e89ad4471977f0e8795718f6dbde043a2e152d3a004fcd52d518277c79d12678bfb930a328038db596fd8cd5b23d6fe6ea5
-
SSDEEP
49152:YsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:SqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs
Score9/10-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-