Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Trojan.PackedNET.2235.1062.27589.exe
-
Size
898KB
-
Sample
230803-n3e8wsec6x
-
MD5
16b790fa266f1f6377b3bc9188467d63
-
SHA1
3000fb1fa046885e27cb7bc87812bdbfd5857ec3
-
SHA256
4767c41f81908b4c8afe3af843e684b65101f8e66e9ac7320b89b31d69e755b9
-
SHA512
28f5b52b89ab72dae896019f1a2de2a30f2142ea9763675aeea36b6e21f53908a97e846d5ac222feeaafc94eb310aded94a77abc80476b51fd87b45d6e1a7645
-
SSDEEP
24576:NWpppNpppppoOQpppNpppppoOzuayAeUvN+FZdjo1:NxO7OzAAe6+F7jo1
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.2235.1062.27589.exe
-
Size
898KB
-
MD5
16b790fa266f1f6377b3bc9188467d63
-
SHA1
3000fb1fa046885e27cb7bc87812bdbfd5857ec3
-
SHA256
4767c41f81908b4c8afe3af843e684b65101f8e66e9ac7320b89b31d69e755b9
-
SHA512
28f5b52b89ab72dae896019f1a2de2a30f2142ea9763675aeea36b6e21f53908a97e846d5ac222feeaafc94eb310aded94a77abc80476b51fd87b45d6e1a7645
-
SSDEEP
24576:NWpppNpppppoOQpppNpppppoOzuayAeUvN+FZdjo1:NxO7OzAAe6+F7jo1
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-