Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SHIPMENT SRK CONTRO.zip
-
Size
667KB
-
Sample
230816-pmrsesce8t
-
MD5
ff713daad2d3fd35b5ad0690cd8e4789
-
SHA1
bbaa0aecf8f2c5f962272b032fa1358e15fabf85
-
SHA256
5481f96217dc7e0bf68137087640a39ab609f4854cea9a13f92815c1c5a1adf9
-
SHA512
2a2f977beae09d576694d8d0ec166c655d17802353c8b6e04b4a419ab116d99fe62e70e4dc10a44306cd9279d9f1312b51c3e348551714d2970de98f160f7739
-
SSDEEP
12288:YzheP1/7qrGM4hYvbDvpnusiu4fo9RGUarVp9oQ6eF4M7+WFlWbgP/a5ct2kg:FN2rNbLBXiu4Q9RGUarBjl7+kOgaevg
Malware Config
Targets
-
-
Target
SHIPMENT SRK CONTRO.exe
-
Size
747KB
-
MD5
05d2b3c11cfa177346cd9bf722f93617
-
SHA1
76ff3c88e8e47ba832ac1351508186dc8e031205
-
SHA256
111955a5d7cb6b3059b043fd5cfd02827e0be24723c08133890836fc7b5c6121
-
SHA512
5e10cde7ac4141a2040a5155768a987c7d0df24415255925638090af15ea06465d301e40c367892af5ba37def6ff53a5241362e4795509b6419060cceb62a3d5
-
SSDEEP
12288:ncYFGGTIYlV2UwzPrJbJIKQt429aZaLVZ9oQSen4M7+W+yp2h0:cYFxIYlVNwTkF9aZaLtXL7+F90
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-