General
- Target: file.exe
- Size: 294KB
- Sample: 231012-grs72sdd48
- MD5: 0ad8d40baae0644d4e3d994c5a8405ac
- SHA1: ce9da8f3d3a618571e7c51e0dc42133e26ded313
- SHA256: bd1a7304c5cc386fb5b1291dc81a28c2fd6d9c6189fab48fffd31e1ddd18ddd1
- SHA512: e86d07ef2812cf26f2daf6b67dcff19ab05e516bddf2305507e94ca441af55e5e836e68d45602e33354c3fae88a27299f7f6a250c36fbec0d8e1f3fe4079b966
- SSDEEP: 3072:peJCXZpXSivGjYTBxSrTRKTABujHdYoJWxg1NsyfkAhhigM+kiMg87dB:OCZtSdSxWTAJ0xgI8kShigUg8Z
Static task
- static1
Behavioral task
- behavioral1: Sample file.exe, Resource win7-20230831-en
Behavioral task
- behavioral2: Sample file.exe, Resource win10v2004-20230915-en
Malware Config
Extracted
- Protocol: ftp
- Host: 195.85.115.195
- Port: 21
- Username: TEST3
- Password: 159753
Extracted
- Protocol: ftp
- Host: 195.85.115.195
- Port: 21
- Username: test
- Password: test
Extracted
- smokeloader
- pub4
Extracted
- smokeloader
- 2022
- http://gudintas.at/tmp/
- http://pik96.ru/tmp/
- http://rosatiauto.com/tmp/
- http://kingpirate.ru/tmp/
Targets
- Target: file.exe
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext