General
- Target: Payment copy.exe
- Size: 948KB
- Sample: 231006-qt4k8sea99
- MD5: b7a6ca258cb780f735090ba00802cd12
- SHA1: 9e3bfd9d546dee99434e7f228e96c8ea4179f579
- SHA256: 649cbde56fbdaf2f52343c1c584fbe1357cf4be19264d7f31a21a6c7078ecf18
- SHA512: d82ac12df4447ba4548ac3c208ce47695445573c162ceb209a91df9b2cf29297fb0855f77f345272aba0c3d327bd7efe1d3f1e03043299c3bc6159ea9cde8a3a
- SSDEEP: 12288:qotzb+w6dJ1Nyeo+T5Qfssbe+SvpqnvGj7jlKUo7FrpHl7s9edPJi08ygYeEp:PtH+L9Xoe5/2SRqvGjbovl7s9eD
Static task
- static1
Behavioral task
- behavioral1
- Sample: Payment copy.exe
- Resource: win7-20230831-en
Malware Config
Extracted
- Protocol: smtp
- Host: premium184.web-hosting.com
- Port: 587
- Username: [email protected]
- Password: ^HPUm$4%eL~b
Targets
- Target: Payment copy.exe (948KB; hashes as listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext