General
Target: 5994d3897dc6097f95ccb74dae995b87274b19d4fd62df21c226607b0d94cbc6_JC.exe
Size: 242KB
Sample: 231012-s4f9sshc21
MD5: edefce3c8aa728e6d8718dcc75b801e2
SHA1: 6b2c25817ce660c25bc9651d86a7cf816d719c7c
SHA256: 5994d3897dc6097f95ccb74dae995b87274b19d4fd62df21c226607b0d94cbc6
SHA512: 7ea3335facdd569b0b52c750e95c89ee17afac2e48cd56380b179cd9490d89c4288e03f02c90ac8d5564716f1b964645e9ab483f379d41d1a1ceda0680926ba4
SSDEEP: 6144:vYa6jAf0x2IBUqkLIjdAmSPIA640Mb2WtvS8Y4Cn:vYhAf0x2IB2UoaMbZzY4u
Static task: static1
Behavioral task: behavioral1
Sample: 5994d3897dc6097f95ccb74dae995b87274b19d4fd62df21c226607b0d94cbc6_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 5994d3897dc6097f95ccb74dae995b87274b19d4fd62df21c226607b0d94cbc6_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: originbotnet
C2: https://veit-intl.com/gate
add_startup: false
download_folder_name: 3khaalk1.i2q
hide_file_startup: false
startup_directory_name: jpWCq
startup_environment_name: appdata
startup_installation_name: jpWCq.exe
startup_registry_name: jpWCq
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
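The extracted configuration above is enough to derive concrete indicators for this build: the C2 host and URL, the user agent it sends, the path the startup copy would be written to (startup_environment_name plus startup_directory_name plus startup_installation_name), the download folder name, and the Run-key value name. The script below is an added example, not part of the tria.ge report or of the sample's own code: it builds those indicators from the config values and runs them over a handful of constructed proxy and Sysmon-style log lines. Two assumptions are labelled in the code: that "appdata" resolves to %APPDATA% (the other ENV_DIRS entries are guesses for other builds), and that startup_registry_name is a value name under the HKCU ...\CurrentVersion\Run key. The user agent is a stock Firefox 99 string, so the example treats it as corroborating only; note also that add_startup is false in this config, so the persistence indicators are the lower-confidence ones for this particular build.

```python
import re
from urllib.parse import urlparse

# Extracted configuration, copied from the report above.
CONFIG = {
    "family": "originbotnet",
    "c2": "https://veit-intl.com/gate",
    "add_startup": False,
    "download_folder_name": "3khaalk1.i2q",
    "hide_file_startup": False,
    "startup_directory_name": "jpWCq",
    "startup_environment_name": "appdata",
    "startup_installation_name": "jpWCq.exe",
    "startup_registry_name": "jpWCq",
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) "
                  "Gecko/20100101 Firefox/99.0",
}

# How startup_environment_name is read here: "appdata" -> %APPDATA%.
# The other entries are assumptions covering other builds' configs.
ENV_DIRS = {
    "appdata": "%APPDATA%",
    "localappdata": "%LOCALAPPDATA%",
    "temp": "%TEMP%",
    "userprofile": "%USERPROFILE%",
}

# Indicators that identify this sample on their own; the user agent is a
# stock Firefox 99 string and only corroborates a hit.
STRONG = {"c2_host", "install_path", "run_value", "download_folder"}


def derive_iocs(cfg):
    """Turn the extracted config into host and network indicators."""
    base = ENV_DIRS[cfg["startup_environment_name"].lower()]
    install_dir = base + "\\" + cfg["startup_directory_name"]
    return {
        "c2_url": cfg["c2"],
        "c2_host": urlparse(cfg["c2"]).hostname,
        "user_agent": cfg["user_agent"],
        "install_path": install_dir + "\\" + cfg["startup_installation_name"],
        "download_folder": cfg["download_folder_name"],
        # Assumption: value name under HKCU\...\CurrentVersion\Run.
        "run_value_name": cfg["startup_registry_name"],
        # add_startup=false: this build is configured not to install the
        # startup copy, so the host indicators are lower confidence.
        "persistence_enabled": cfg["add_startup"],
    }


def build_matchers(iocs):
    """One compiled regex per indicator; the file path matches on the
    suffix after the environment directory so any user profile matches."""
    path_suffix = iocs["install_path"].split("\\", 1)[1]
    return {
        "c2_host": re.compile(re.escape(iocs["c2_host"]), re.I),
        "user_agent": re.compile(re.escape(iocs["user_agent"])),
        "install_path": re.compile(re.escape(path_suffix), re.I),
        "download_folder": re.compile(re.escape(iocs["download_folder"]), re.I),
        "run_value": re.compile(r"\\Run\\" + re.escape(iocs["run_value_name"]) + r"\b", re.I),
    }


def scan(lines, matchers):
    """Return (line number, matched indicator names, severity) per hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = [name for name, rx in matchers.items() if rx.search(line)]
        if reasons:
            severity = "high" if STRONG & set(reasons) else "low"
            hits.append((n, reasons, severity))
    return hits


# Constructed log lines (proxy and Sysmon-style); not from the sandbox run.
SAMPLE_LOGS = [
    '2023-10-12T15:04:22Z 10.0.0.5 POST https://veit-intl.com/gate 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0"',
    r'Sysmon 11 FileCreate TargetFilename: C:\Users\alice\AppData\Roaming\jpWCq\jpWCq.exe',
    r'Sysmon 13 RegistryEvent TargetObject: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jpWCq',
    '2023-10-12T15:05:01Z 10.0.0.7 GET https://example.com/ 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0"',
    r'Sysmon 11 FileCreate TargetFilename: C:\Users\alice\AppData\Roaming\3khaalk1.i2q\update.bin',
]


if __name__ == "__main__":
    iocs = derive_iocs(CONFIG)
    for n, reasons, severity in scan(SAMPLE_LOGS, build_matchers(iocs)):
        print(f"line {n}: {severity:<4} {', '.join(reasons)}")
```

Run as written, the fourth constructed line (a benign request carrying the same Firefox 99 user agent) is reported as a low-severity hit only, which is the point of separating the user agent from the strong indicators: on a real fleet that string is common and should never page on its own, whereas the C2 host, the jpWCq\jpWCq.exe path, the Run value name and the download folder name are specific to this configuration.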
Targets
Target: 5994d3897dc6097f95ccb74dae995b87274b19d4fd62df21c226607b0d94cbc6_JC.exe (size and hashes as listed under General)
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext