General
Target: MlсrоsоftЕdgеSеtup.appx
Size: 3.6MB
Sample: 231001-wxnl3sdh68
MD5: de2456b94b4d4019ad591379205ebd6e
SHA1: 7f98a888fb52ed5627d7b374439ca14616f68d33
SHA256: 788567d3cc693dd5d0dada9f4e1421755c1d74257544ba12b502f085a620585e
SHA512: abb726b87c0fc52159076fe7ee0a32d3667478cdb9959d206c9589e1e95210cfd7122268ac931c35aff43c6834d024ebfc597052aa3bcd936f6925a84aa2b540
SSDEEP: 98304:dfic5es3aimY7NhbJpcdYyeuASKnRcfw9X:dKc5emmYvdM5euASKnRcfo
Static task
static1
Behavioral task
behavioral1
Sample
MlсrоsоftЕdgеSеtup.appx
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
MlсrоsоftЕdgеSеtup.appx
Resource
win10v2004-20230915-en
Malware Config
Extracted
raccoon
5e2505d8647542f05843f89ae7cd18e7
http://5.75.241.110:80
Targets
Target
MlсrоsоftЕdgеSеtup.appx
Raccoon Stealer payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-