Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
95cc300618cf5a0abb4b36427d838ee00bc37e515bf527ecf24725d70610c993.zip
-
Size
160KB
-
Sample
231119-z39naace3w
-
MD5
3a5a0cd30c56927a68e5a8f502508a83
-
SHA1
d0a31fa867fc7d09bc383060e6b991ce89b2a12e
-
SHA256
a09d7644a2b61731b0669ddde1793dfbb76f7b1b738f5d5d7684e1b53c675b5a
-
SHA512
80ea69d9c6c7087f8d13751909afdefc70d43d7cea3743db0863c777e0622e730813428f4f7182dfbcd59fe444e3700349475cc294b62aaa08881331c00cdb9b
-
SSDEEP
3072:mFHS3OaFGhW3ft0IfivKffu875UJqR9Zj/GeBx5EK9ctigq8V5fWO+nj1UMy:2H+OaMWF0/eui5UJqLN/fj5/OpWOFf
Static task
static1
Behavioral task
behavioral1
Sample
95cc300618cf5a0abb4b36427d838ee00bc37e515bf527ecf24725d70610c993.exe
Resource
win7-20231023-en
Malware Config
Extracted
stealc
http://bernardofata.icu
-
url_path
/40d570f44e84a454.php
Targets
-
-
Target
95cc300618cf5a0abb4b36427d838ee00bc37e515bf527ecf24725d70610c993.exe
-
Size
247KB
-
MD5
2a3773e1dccb10a11d39139b2a3c4700
-
SHA1
6d19664ed14bc2f1a8d06948c02105c489cc6b96
-
SHA256
95cc300618cf5a0abb4b36427d838ee00bc37e515bf527ecf24725d70610c993
-
SHA512
67a90564bdf119beb271e2b008b6a5e278b7cd253ed03626422fcecc5af41a40b40bbafc42f22fb7fc9133978033d31a581c980deaf8e96ee9d94bcc6591cea9
-
SSDEEP
3072:B4VQxA8+X0F7Rq0iu2yUnF64XBqf0wKxF0EhMOR8F89pUpx/p4KCl:yyqzX0F9nZgF64XBk0wK7eF898x5
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-