General
- Target: 49dbad7d49d0a55a65427008daa3502efbc778134b6f44067ecd6d96f0374d55
- Size: 4.3MB
- Sample: 230508-hj38qahc95
- MD5: e74d882ca11fd560a7dad0422a7c6071
- SHA1: 116b33fb95fc1838fe043ecba53288d30caf711d
- SHA256: 49dbad7d49d0a55a65427008daa3502efbc778134b6f44067ecd6d96f0374d55
- SHA512: 9e3ac6efba64acddd5b4dd29985016bcfed4543959763b9dfc969ea7fcbac00ee9039f417f044a9f7fae398d3555d5a4c25880d60ca39a837552b741ded1b073
- SSDEEP: 98304:V391/pVv0pCGreIDIb0RyttgDcNYAIfVrBRDYbYpbGeBvx:V39p0paIHyUgIfVrL8bAbGeB
Static task: static1
Malware Config
- Extracted: amadey, version 3.70, C2 77.73.134.27/n9kdjc3xSf/index.php
Targets
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- XMRig Miner payload
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext