General
Target: testlibidrequest.exe.bin
Size: 183KB
Sample: 230505-zs9wasgh3s
MD5: c2302bfa2c8c29f71e98ebf44f33b9a4
SHA1: 2c2d10c1203a4e18fe912069ab702720239dd00f
SHA256: 138a262303b34cf0da63a5a8d32217db66f97ef5873dbac0f51ada3659c8cb3f
SHA512: 9d0a67476039b8f26216af1c9d56c0f0e6a6d4797eab2640e2f1720d0e451ca09459e2293a0dd66f60325688cba17ad82f9b62cb3fabfb118c2f40950168b0e6
SSDEEP: 3072:BXPyScIGLPEPYtsCUwJRuuZES9bVMO0pJLjTTC9nAk9lI6FZ/8y2FP8iKIaQnzHz:djgZES9bVP0pJLjTTC9nAk9lI6FV2Lu
Behavioral task: behavioral1
Sample: testlibidrequest.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: testlibidrequest.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
gurcu
https://api.telegram.org/bot6278551241:AAGQ87XJeSopFO3i5HU3dXW_vXCr-ESRByQ/sendMessage?chat_id=1396661331
Targets
Target
testlibidrequest.exe.bin
Score: 10/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Executes dropped EXE

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.