Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
AWB 9057382937.ace
-
Size
612KB
-
Sample
230816-nee8zscc41
-
MD5
f684327629a64d5766d44a7fd1ed8c0d
-
SHA1
ba25903b8e15616f89c0ad109357d7a1e6e249e0
-
SHA256
74b62ded9e42fa2082bb7615a4872fbe45c61736c748a3855ab1329ed7b29543
-
SHA512
986f0be513b86555c3260f36b08748591877ba251d7e28f742814afde1da5961285c587b88b189094267bfaf71d419a2225b012c79287dca32912254074f9f32
-
SSDEEP
12288:/GNJXDVvIr606Y9fzcMHfmY6wA0cNqqwQ8HC5nihSUwzxAkHFnGtEwHn1TXl:EJzVKrn9foMHfmY6wZcdwi5iXSqkHFno
Malware Config
Targets
-
-
Target
AWB 9057382937.exe
-
Size
793KB
-
MD5
e67d13c3670436b5a242a01aa59c70c0
-
SHA1
43b470a7f37a158396d34d35c62c7f4d6cb55d2d
-
SHA256
497963cdcfec245455b229692d32c1f6cb8250b86be44fbe747e441552ae2bba
-
SHA512
47786313ebbdbc0f37b0096295ebd3294bec05c29e16d9501572321a1598c73cd365b0159b186724cc66399807b5d9d6db910ddf59b3b3e147bf852f1da602ea
-
SSDEEP
12288:NZnDZtz9se3FOIac6yDpq816ZWnwNKEpFHfiQ6b+ZWttSp:N/tJxM/c6yFqYw9F/iQsPttSp
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-