General
- Target: dc6c4b3a9db140cefda4564e0c8adda4.exe
- Size: 240KB
- Sample: 231112-thxv4agg3t
- MD5: dc6c4b3a9db140cefda4564e0c8adda4
- SHA1: 1e6476dd04e9652f9865e983a2b905cc3f8e34e5
- SHA256: 78380c9b3b9036cb8d3fdbacd2438971115405bcb828bb9812e4abb488408590
- SHA512: ff719f7e50b878a0f0903afa67ff365f8972e7ba69b75583f609dedff8c166b437af601e0e304dd2623f55076513c64d2a400a4fe9d598ef63d021921d5fc7eb
- SSDEEP: 3072:tiyf4PLToR3Py+dWiWiZOegeEsSldc1aOm4DSRP4X4wZ7+c:tbwPLTmPy+dWicvsSQ1a5b4X4wN
Static task: static1
Behavioral task: behavioral1
- Sample: dc6c4b3a9db140cefda4564e0c8adda4.exe
- Resource: win7-20231020-en
Malware Config
Extracted
- Family: stealc
- C2: http://bernardofata.icu
- url_path: /40d570f44e84a454.php
Targets
- Target: dc6c4b3a9db140cefda4564e0c8adda4.exe (240KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures (behavioral1)
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets: possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
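Added example, not part of the tria.ge report and not Stealc's own code: a Python script that turns the indicators above (the file hashes and the extracted C2 host plus url_path) into checks a responder can run. It confirms the hash fields are well formed and that the target filename is the sample's MD5, compares an arbitrary file against the report hashes, and scans proxy log lines for traffic to the C2, distinguishing the exact gate URL from any other request to the host. The Squid-style log format, the log lines themselves and the "c2-gate"/"c2-host" labels are assumptions constructed for this example; the host match is exact, so a look-alike such as notbernardofata.icu is not flagged.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the tria.ge report above.
TARGET_FILENAME = "dc6c4b3a9db140cefda4564e0c8adda4.exe"
SAMPLE_HASHES = {
    "md5": "dc6c4b3a9db140cefda4564e0c8adda4",
    "sha1": "1e6476dd04e9652f9865e983a2b905cc3f8e34e5",
    "sha256": "78380c9b3b9036cb8d3fdbacd2438971115405bcb828bb9812e4abb488408590",
    "sha512": (
        "ff719f7e50b878a0f0903afa67ff365f8972e7ba69b75583f609dedff8c166b4"
        "37af601e0e304dd2623f55076513c64d2a400a4fe9d598ef63d021921d5fc7eb"
    ),
}
C2_HOST = "bernardofata.icu"           # host from the extracted stealc config
C2_URL_PATH = "/40d570f44e84a454.php"  # url_path from the extracted config


def hashes_well_formed() -> bool:
    """Sanity check: each hex digest has the length its algorithm produces."""
    return all(
        len(h) == 2 * hashlib.new(name).digest_size
        and set(h) <= set("0123456789abcdef")
        for name, h in SAMPLE_HASHES.items()
    )


def filename_is_md5(name: str) -> bool:
    """tria.ge names the target after its MD5; confirm the two fields agree."""
    stem = name.lower().rsplit(".", 1)[0]
    return stem == SAMPLE_HASHES["md5"]


def match_sample(data: bytes) -> list:
    """Return the report hash fields that match `data` (empty = not this sample)."""
    return [
        name for name, known in SAMPLE_HASHES.items()
        if hashlib.new(name, data).hexdigest() == known
    ]


# Assumed Squid-style access log layout for this example: ts client method url status.
LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)

# Constructed log lines (not from the report). Lines 2, 4 and 5 touch the C2;
# line 6 is a look-alike host and must not match.
SAMPLE_PROXY_LOG = """\
1699800001 10.0.0.5 GET http://example.com/index.html 200
1699800002 10.0.0.5 POST http://bernardofata.icu/40d570f44e84a454.php 200
1699800003 10.0.0.9 GET http://cdn.example.net/lib.js 200
1699800004 10.0.0.5 POST http://BERNARDOFATA.icu/40d570f44e84a454.php 200
1699800005 10.0.0.7 GET http://bernardofata.icu/ 404
1699800006 10.0.0.9 GET http://notbernardofata.icu/40d570f44e84a454.php 200
"""


def classify_url(url: str):
    """'c2-gate' for the exact gate URL, 'c2-host' for any other request to the
    C2 host, None otherwise. The host comparison is exact and case-insensitive."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != C2_HOST:
        return None
    return "c2-gate" if parts.path == C2_URL_PATH else "c2-host"


def scan_proxy_log(text: str) -> list:
    """Return (ts, client, method, verdict) for every line that reaches the C2."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue
        verdict = classify_url(m["url"])
        if verdict is not None:
            hits.append((m["ts"], m["client"], m["method"], verdict))
    return hits


if __name__ == "__main__":
    print("hash fields well formed:", hashes_well_formed())
    print("target filename matches MD5:", filename_is_md5(TARGET_FILENAME))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("C2 traffic:", hit)
```

Hashes identify only this exact build; the C2 host and gate path are the indicators that survive a repack, so they are the ones worth pushing to proxy and DNS monitoring, with the caveat that the host may be rotated at any time.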