General

Target: test_bat_c.zip
Size: 10.6MB
Sample: 230518-gc1ctahg96
MD5: 7b76c79a2a072de74409a6bc87f1e08e
SHA1: 7506893958b18a466aeafb32f2e926194887f248
SHA256: 36682e454c21cf545e611f5b5de9115c164433a75b4b20e10e31c37e785c2a14
SHA512: 49180cb178e714e1f444a128abb27b65a3f1bfecda10777106962a25da60ba16a63f791cc80fba5f34a0c6bd800d03966de71d16d1075995e11cd58f7b7b2868
SSDEEP: 196608:hOjiwJ1nC8JY26OVSHB/E1pYNPC+UlSmZu40tOoFQUGuGDVlPvrwC7eJYd3/yT9:hOjie1nJY264kJkpYNPVUq40tjcHE4el
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: test_bat_c/96c2a10be0c3dbe0d46fd81787b72d26aabab425cc5b0cc317f2035f272294c7.bat
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: test_bat_c/96c2a10be0c3dbe0d46fd81787b72d26aabab425cc5b0cc317f2035f272294c7.bat
  Resource: win10v2004-20230220-en

Behavioral task: behavioral3
  Sample: test_bat_c/e8057880d925de1696612198fce75da7cb732e08c6c4756547484d46e25d9f20.bat
  Resource: win7-20230220-en

Behavioral task: behavioral4
  Sample: test_bat_c/e8057880d925de1696612198fce75da7cb732e08c6c4756547484d46e25d9f20.bat
  Resource: win10v2004-20230221-en
Malware Config

Extracted family: bitrat
Version: 1.38
C2: 91.151.89.242:3434
communication_password: 3c3662bcb661d6de679c636744c66b62
tor_process: tor
Targets

Target: test_bat_c/96c2a10be0c3dbe0d46fd81787b72d26aabab425cc5b0cc317f2035f272294c7.bat
Size: 3.8MB
MD5: 6fc558d212f65828c274f27909e51aa7
SHA1: 612487c386d838f506021ff846b47944b255a6a3
SHA256: 96c2a10be0c3dbe0d46fd81787b72d26aabab425cc5b0cc317f2035f272294c7
SHA512: a9a2218f65e5c48c8906505f1da7061179e2a749c6e93146ea33badfb0d4bda04433861d144aa4decccaca2e1c4ddf0db67e749602cf1d41091c29426c8cab1c
SSDEEP: 49152:2EqA3wg9X6szO4oX2nOw/YNBsXCzJtitbEbyzIBlkW1fMxpqZ8tAO3:z
Signatures:
  - Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Legitimate hosting services abused for malware hosting/C2
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext

Target: test_bat_c/e8057880d925de1696612198fce75da7cb732e08c6c4756547484d46e25d9f20.bat
Size: 10.3MB
MD5: db149b83156f710e18e2233db671dc56
SHA1: ab3a8d2ec8edffb4ac434f11d4af01de8605f558
SHA256: e8057880d925de1696612198fce75da7cb732e08c6c4756547484d46e25d9f20
SHA512: 21b8d53854978077ea362c75fa0ceebab864a63c62d1b4cf65fcd5d9c74db23144f824957d877825e247fae786183a672e458a7b623364a9df85df34c4c424bf
SSDEEP: 49152:NgsDwfz/8H9hPHoep7Qf0f1on7wl/Y/I+3CEwYwmFK4ulynWtDWxTQP4zCrpaeNB:/
Score: 10/10
Signatures:
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext