General
Target: Nitro Giveaway.exe
Size: 4.5MB
Sample: 230723-3leclahf3s
MD5: ac1c1e0f6655f7e96cc0462892b3ed6d
SHA1: 115c61abbfab4adad6cd9ac43f9c3cd843419371
SHA256: 82a1371c11aec9e8090bb454b1e82325600f090c281f9035478f39ed2c5e1f98
SHA512: 0ed002fc47d48775880fe429ca17f8c8afda85d9baee826470ddf4be276071cfbc39cb2801c6c114a2121adbbfe98385a4f78dc5b083d3ee8fd81619132fdf89
SSDEEP: 98304:TQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:KzUcwti7TQlF3ZxxWJSUnDv
Static task: static1
Behavioral task: behavioral1
Sample: Nitro Giveaway.exe
Resource: win7-20230712-en
Malware Config
Targets
Target: Nitro Giveaway.exe
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.