Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JUNE-JULY SOA 2023.zip
-
Size
500KB
-
Sample
230815-nwqq2sae54
-
MD5
bbf7edd13ab0ca0c989ff60cf6148dea
-
SHA1
4f00f6a02266c0da97dca5aa61e87349902b4cae
-
SHA256
7ae9d08f55abb7966be487918cc3bc4ce87771b8a038503b05cb3a72942ea637
-
SHA512
de5aa649438b9f04cf3f232ac71a6de652162a003e7cb6fffa3c09651cc16ed89a393d74d6a9a86b3799c9dc3bcc2794621ca7a9c20a2f9ba67bd805284f0754
-
SSDEEP
12288:MWbOqgaBBCy+EcceJZw7OGg2iaHHGmZPC2JmqlF2+N18Mb3LI9qEIFPZ:pbOqg++DJCaGcmZaFCFNN18M3mG
Malware Config
Targets
-
-
Target
JUNE-JULY SOA 2023.exe
-
Size
792KB
-
MD5
0e842fe358b1b58b27f656e6a560a384
-
SHA1
8d74628d62c52de01c5df2d663c87aedde613c71
-
SHA256
b86b07dd168ae86bbfc16822df78793e8fbf52401673636047e8472fcd78ff26
-
SHA512
84ec1bf1b7396b9ec6576a945fa825e578a6076c6b5aa3f2596af5461204590cd3dfe61e6780adea56137981cfd377f6456256f0f9e23cf7fcddc661c524e6fe
-
SSDEEP
24576:ROguGvTGa60CZQPCFVNr8MxKRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppb:vuuPV1QVNr8TRs6CE3jLbO9Rs6CE3jL6
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-