Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Nobodylefts.rar
-
Size
61.4MB
-
Sample
231117-pwlyjahc83
-
MD5
a8d463ae25211b554966507a5b1f84fe
-
SHA1
2bef495bf59b23e69287610656fd5992bb605af1
-
SHA256
126a0602a509a1490059096d34a355284d18aac56a13f70c44bf970c25397592
-
SHA512
c2f75ae24c2ff9e49f45acb95ba3ebd6b7320fbbac0fedcc6a1503ada5c039d72beedfbfd16c30e94bb96dc2f2fce7a52fecf158299e4767c1128f05fc4fbffb
-
SSDEEP
1572864:2WMN6mR7k90b08EO/kfWexh2NqLo7cb12P9gJ9hkwaQ6/BQVFv8:2Wk6mRDb1/kjx+qcXYkwj8BUx8
Static task
static1
Behavioral task
behavioral1
Sample
NobodyLeft.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NobodyLeft.exe
Resource
win10-20231023-en
Malware Config
Targets
-
-
Target
NobodyLeft.exe
-
Size
61.5MB
-
MD5
97b2e2c3ed98699b9a599152e1268cb1
-
SHA1
94a5aec357236660289640542945c2fbdeacc97f
-
SHA256
9755cfcf306250fe11c18c352339f0b68550bf1d33eb506784f4fdf3cd38301a
-
SHA512
9974038fd82fc3c66fc5896e34d4d8e43f11d4f16e325ff60444c43ce112dfdd65f20dbdfaf6592af03b5257f607ed02d41d763c7edc0cfe3a9f677c651f1826
-
SSDEEP
1572864:Zm6Jewn4Mt7wHicKw+V9kulozpfHatc6FHQQWKFJ:k6JenKMHZKw+UuOVStc4QQWKFJ
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-