General
Target: 4670642871488cfbcde9d6b9bf72e511444b46ebbfdbdd843303f8f0227c3244
Size: 599KB
Sample: 230504-swyh4sdd28
MD5: 41e8e095b3d8db6a338cca5fe04b521a
SHA1: d597206774c980fd51ac29e80468eb9d8f8d38e8
SHA256: 4670642871488cfbcde9d6b9bf72e511444b46ebbfdbdd843303f8f0227c3244
SHA512: c61d3d5c939cc990f7e2d9ddaaa07940b3ec7e3fc0302c011d8b8a0ced286d3818fb480ae6e9348398c8678490fb33c72481b52639bd13d8175a00a760cd0d9d
SSDEEP: 12288:1MrAy90f3YITAO5KwUoX1IgtP8mmMGV7BM1+GLq0ula1iVz97gvAM:ZySVOgagWxMGRBYFLPXm9EvAM
Static task
static1
Malware Config
Targets
Target: 4670642871488cfbcde9d6b9bf72e511444b46ebbfdbdd843303f8f0227c3244
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext