General
Target: toba22bbc.exe
Size: 977KB
Sample: 230420-pm6lksbg9v
MD5: 13348cb1966e434e5cb63b82e42291b7
SHA1: 0c8c616bbdf2b7996358142af6a6ba886fc2b2a9
SHA256: edcf7182460deb84c07d79968ebb518cc9c8611148a4eb0e1e37b78ff175f275
SHA512: 0c9f23bd9e17dad82ae5a634ac92f252e522f76de693e82210449bcb08e6038880a8a4a028632cd74764d2778f141d0cfd39754ee06348007e1b90968654643b
SSDEEP: 24576:8FUrdbfahvepYoeyAmzhocZn+M+WGDBGkV:8Yb1bPhoCnD+WGIkV
Static task: static1
Behavioral task: behavioral1
Sample: toba22bbc.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: toba22bbc.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Protocol: smtp
Host: premium251.web-hosting.com
Port: 587
Username: [email protected]
Password: Y&aIvOB1dbH9##
Targets
Target: toba22bbc.exe
Size: 977KB
MD5: 13348cb1966e434e5cb63b82e42291b7
SHA1: 0c8c616bbdf2b7996358142af6a6ba886fc2b2a9
SHA256: edcf7182460deb84c07d79968ebb518cc9c8611148a4eb0e1e37b78ff175f275
SHA512: 0c9f23bd9e17dad82ae5a634ac92f252e522f76de693e82210449bcb08e6038880a8a4a028632cd74764d2778f141d0cfd39754ee06348007e1b90968654643b
SSDEEP: 24576:8FUrdbfahvepYoeyAmzhocZn+M+WGDBGkV:8Yb1bPhoCnD+WGIkV
Score: 10/10
Signatures
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext