General
Target: Request For Quotation.js
Size: 926KB
Sample: 230721-g52rcacc73
MD5: d88e96b01cbe12a5dbaefd28ccfcc7dc
SHA1: d1c01512b187176428440463eaae7b7d5be2aabf
SHA256: 8cae71910574fa96fdf20ddab8897e90d155e50036ddb2f3d033a7b13a45b90f
SHA512: 1dc22521994a390b97ad7e7880f1812b865a22b5c5681bacc3870f37baae37f2772e071f68a6a7b1669664f2c00d0f7c96d8815601bdcef69c43d008da348388
SSDEEP: 6144:QQbl/QgzB5SMaGRnxrga5gxa17U7ck9d8JDr+DNgMPiColqGYXY/i/Dz9rcgVfEn:TNLfp
Static task: static1
Behavioral task: behavioral1
Sample: Request For Quotation.js
Resource: win7-20230712-en
Malware Config
Extracted
wshrat
http://harold.2waky.com:3609
Targets
Target: Request For Quotation.js
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.