General

  • Target

    PlanetsTherapy.rar

  • Size

    62.5MB

  • Sample

    231005-3d4brafh5z

  • MD5

    9188612210d47e9eb2ac08e8e39e7642

  • SHA1

    c16f83c57528ad1ae816f63d6eb040669f100deb

  • SHA256

    f0ee436d495dcdbb4c7d5e5568775a6e2fe6864d315dc13a664f381113818c09

  • SHA512

    fc7a9866b26fcca394315dff38897ecbf628b26ff30695c90ccb3077b7ebb1c349fb2fa3576996bda21dbd3399ae67752cbea293d6772728549c97f4ef82e3d6

  • SSDEEP

    1572864:Cx040xoudP+sOEvMFRWu0YJYwqgWvaL9DP9W:CqEuMEvosu0YyZWL9DPU

Score
7/10

Targets

    • Target

      PlanetsTherapy.exe

    • Size

      62.6MB

    • MD5

      b998aa1c8df4c584cde3bdcfda3cec90

    • SHA1

      3f81982b8f2af117c55d198a7c8f3a8982b7092e

    • SHA256

      b8e0487fda9be789a52eb8d266e15fc21f3a39f8b82294d59274da5c42683006

    • SHA512

      c2bc651d6640bfd2c0dc54f418633e448004e586913ff0bb7420c19f7931d556e5c07e9cd67e7e74810a201fbdb4bf2101df92e3284de428cba465680b88dfc7

    • SSDEEP

      1572864:Pm6T6EWMSIchHHhbC8EenoXdD36HduV5eVa:+6Tw5JHxCLdDKwVMVa

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
