Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9228b749452ea70bbd0ad5c7bac258cf.exe
-
Size
292KB
-
Sample
231127-sqrhlshd52
-
MD5
9228b749452ea70bbd0ad5c7bac258cf
-
SHA1
3812403cfeaece0468c669577386e13b4336f707
-
SHA256
c0a1c4b377daa251207cd51256ce1c5391b4f9226ccc7fe44117e067d3409aff
-
SHA512
54f455e0a6c76062c516c874f1ac673f137d1a36688030d6e7017de1d5e9fc90f6967d2257a690e649ca66053e26cd20c9588137e7d89aaaedf3d4c5d3c40a92
-
SSDEEP
3072:ltrNrqGRNZM2BS4wHlAIZEkcRZAWJS2y73gd7xLsxrOUbR:rrNrq8ZzS4wYRZg237xLsvR
Static task
static1
Behavioral task
behavioral1
Sample
9228b749452ea70bbd0ad5c7bac258cf.exe
Resource
win7-20231023-en
Malware Config
Extracted
stealc
http://janmorath.icu
-
url_path
/40d570f44e84a454.php
Targets
-
-
Target
9228b749452ea70bbd0ad5c7bac258cf.exe
-
Size
292KB
-
MD5
9228b749452ea70bbd0ad5c7bac258cf
-
SHA1
3812403cfeaece0468c669577386e13b4336f707
-
SHA256
c0a1c4b377daa251207cd51256ce1c5391b4f9226ccc7fe44117e067d3409aff
-
SHA512
54f455e0a6c76062c516c874f1ac673f137d1a36688030d6e7017de1d5e9fc90f6967d2257a690e649ca66053e26cd20c9588137e7d89aaaedf3d4c5d3c40a92
-
SSDEEP
3072:ltrNrqGRNZM2BS4wHlAIZEkcRZAWJS2y73gd7xLsxrOUbR:rrNrq8ZzS4wYRZg237xLsvR
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-