Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
948c9b868e733196f7ee76f792e1fd0f3fb244799b3628c6560338354d434001_JC.exe
-
Size
213KB
-
Sample
231012-tpjbaaaf7t
-
MD5
e1e3a47bfc74d2078d4d1a9a9e6cc044
-
SHA1
911c1dd3eb97fc6306ed2ba18bf19cfb4a26a91d
-
SHA256
948c9b868e733196f7ee76f792e1fd0f3fb244799b3628c6560338354d434001
-
SHA512
6bfdc502511d3832bbdb80fcd80a96cf4e04f293df637d92f8cb00b48a9f452ddff2b7e1528463e117fbc39935f1f0d4fe4a54a820696e063ecc39185485ee2f
-
SSDEEP
6144:PYa658UM+kV2Rp/azKjeYoRuEKhGSWQ1B:PY78UNFaYokuSzB
Malware Config
Extracted
originbotnet
https://veit-intl.com/gate
-
add_startup
false
-
download_folder_name
3khaalk1.i2q
-
hide_file_startup
false
-
startup_directory_name
jpWCq
-
startup_environment_name
appdata
-
startup_installation_name
jpWCq.exe
-
startup_registry_name
jpWCq
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Targets
-
-
Target
948c9b868e733196f7ee76f792e1fd0f3fb244799b3628c6560338354d434001_JC.exe
-
Size
213KB
-
MD5
e1e3a47bfc74d2078d4d1a9a9e6cc044
-
SHA1
911c1dd3eb97fc6306ed2ba18bf19cfb4a26a91d
-
SHA256
948c9b868e733196f7ee76f792e1fd0f3fb244799b3628c6560338354d434001
-
SHA512
6bfdc502511d3832bbdb80fcd80a96cf4e04f293df637d92f8cb00b48a9f452ddff2b7e1528463e117fbc39935f1f0d4fe4a54a820696e063ecc39185485ee2f
-
SSDEEP
6144:PYa658UM+kV2Rp/azKjeYoRuEKhGSWQ1B:PY78UNFaYokuSzB
Score10/10-
OriginBotnet
OriginBotnet is a remote access trojan written in C#.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-