General
Target: Malware Removal Tool.exe
Size: 7.4MB
Sample: 231106-bwnv8sfd6x
MD5: c85a91460bfb3693eaaaafadd61d99a8
SHA1: cd32c51013814aafc3daaf2d6b8bf0cae24fbc29
SHA256: 47d6daa770df061dc5ba62ee71f1bc716e12adb7529465d75166ce5b7f1ad704
SHA512: 608bfa17fc141d479a698eb82c9e440498618b2abd45c17500503fb51ac43811719a9a46d72a820f7ff84ae8234563c6fddfbde81de13ba39c4235085649b3e0
SSDEEP: 196608:c8YYS69OshoKMuIkhVastRL5Di3uz1D7c09:YYSkOshouIkPftRL54aRZ9
Behavioral task: behavioral1
Sample: Malware Removal Tool.exe
Resource: win10v2004-20231020-en
Behavioral task: behavioral2
Sample: �������.pyc
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: Malware Removal Tool.exe
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Target: �������.pyc
Size: 1KB
MD5: 6300ba38e5db2218755f70d140b9478f
SHA1: 98de72626760868157a8e9443fc3032cd1488ad4
SHA256: ce46c28d6385493c98fbe8ba7a9bc4ba9c49a62278a390c1ee27d9beced1c49d
SHA512: c4acb451e6d0c631f47efa267355540b94614105e6cf9e721d34ccae1ce040e6e115fd14e28c9205d2eb632ee347a93441aeec9442aa6696c3c019056e29c43a
Score: 1/10