General
- Target: b5d4330129d989156cb6df8fc.exe
- Size: 702KB
- Sample: 230709-t3nsxsfc7v
- MD5: b85a427b9c8d95d8d7387ca53abc45f0
- SHA1: f2653fe0c33d2704647c30e1ffe285c67ecd6e66
- SHA256: b5d4330129d989156cb6df8fc9a95e1a45c4d57b8852cf5f720c80a0a6a4935f
- SHA512: da053213da2b5e19788ee7a46cb3256482d965dc8523e3ffd757ea182482e57390a9922cb78f5a05defd2b1e3e0e7fb90a465818763351a7898f1a50ec3a45ff
- SSDEEP: 12288:RquErHF6xC9D6DmR1J98w4oknqOKw59XxYRcjnn+ClOq60XDv8OOTHiBHi:Url6kD68JmloO5TYI1lOq6sb8hTHAi
Behavioral task
- Task: behavioral1
- Sample: b5d4330129d989156cb6df8fc.exe
- Resource: win7-20230705-en
Malware Config
- Extracted: pony
- http://185.79.156.18/bit/03/gate.php
Targets
- Target: b5d4330129d989156cb6df8fc.exe
- Size: 702KB
- MD5: b85a427b9c8d95d8d7387ca53abc45f0
- SHA1: f2653fe0c33d2704647c30e1ffe285c67ecd6e66
- SHA256: b5d4330129d989156cb6df8fc9a95e1a45c4d57b8852cf5f720c80a0a6a4935f
- SHA512: da053213da2b5e19788ee7a46cb3256482d965dc8523e3ffd757ea182482e57390a9922cb78f5a05defd2b1e3e0e7fb90a465818763351a7898f1a50ec3a45ff
- SSDEEP: 12288:RquErHF6xC9D6DmR1J98w4oknqOKw59XxYRcjnn+ClOq60XDv8OOTHiBHi:Url6kD68JmloO5TYI1lOq6sb8hTHAi
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext