Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    lovely rat.zip

  • Size

    36.4MB

  • Sample

    231207-r2eshscb67

  • MD5

    f4dcd3bffcc6cb6f0fc03461fd90cec6

  • SHA1

    661d96656d383765e0d2c656128efbc5fbdf0ee7

  • SHA256

    6e5f4e02cbc149a454d363c1c0934543c57fc8c519040c11441dcd601eebc547

  • SHA512

    96505c41c4feb0d8bcec43767877ee03d2bf38e51313dccfb1c34070f90d6992619ffe336f7e981c259886eb83239fa5019dc2bff334cd57c610ab4cade74656

  • SSDEEP

    786432:xflFDzZNQpx0/Hpd6LPGzflFDzZNQpx0/Hpd6LPGL:BlFHZNQP0vpdEGzlFHZNQP0vpdEGL

Malware Config

Targets

    • Target

      lovely rat.zip

    • Size

      36.4MB

    • MD5

      f4dcd3bffcc6cb6f0fc03461fd90cec6

    • SHA1

      661d96656d383765e0d2c656128efbc5fbdf0ee7

    • SHA256

      6e5f4e02cbc149a454d363c1c0934543c57fc8c519040c11441dcd601eebc547

    • SHA512

      96505c41c4feb0d8bcec43767877ee03d2bf38e51313dccfb1c34070f90d6992619ffe336f7e981c259886eb83239fa5019dc2bff334cd57c610ab4cade74656

    • SSDEEP

      786432:xflFDzZNQpx0/Hpd6LPGzflFDzZNQpx0/Hpd6LPGL:BlFHZNQP0vpdEGzlFHZNQP0vpdEGL

    Score
    1/10
    • Target

      Electron_Cracked_V3/ElectronUI.exe

    • Size

      18.4MB

    • MD5

      5034635dbc641bc6af5cf3f950eb4ca0

    • SHA1

      480ed67e33136f6a7bf329b1b0df6717f958a072

    • SHA256

      e199cd8a6297d6846f6e2a5a3e8e2450c3c6a9138ab18dc098a34a16bb107bb2

    • SHA512

      f54c72f27af038beb00be4395158fec30973893b6a00e4e822cc29ee01df07148c1180fa94d56902288c1f75fdf205dcd5e2841da5151ea4fea789523fa29fc3

    • SSDEEP

      393216:+qPnLFXlrPYgQpDOETgs77fGWg/fxs82vEmiQVFFL2:zPLFXNPRQoE7tafukEVFJ

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      67e1731fa5bb1ccf4e3effe4f0c1f800

    • SHA1

      fbb06edcd333b296fff194c7694f8d2bea93781a

    • SHA256

      2a2259a7e4baff32e8d86b4c0d5e3fcbeb9f389d87c9c3032d86ddaa194cb91f

    • SHA512

      07087cebe8aa478a36c5a37b24524af6685ed6d20f3266c44b7b861923e16c5feb2babe9a1dc13c6f032be21ea5e6e64726b45980f684196180bd66165e74839

    • SSDEEP

      192:w8MzxtNAD8idWdXwLclOx2EIgHVqJhwF4Jb4KMdwj55nw:LIJwWuoQxMg1O2oPj/w

    Score
    3/10
    • Target

      Electron_Cracked_V3/Particle.exe

    • Size

      18.4MB

    • MD5

      5034635dbc641bc6af5cf3f950eb4ca0

    • SHA1

      480ed67e33136f6a7bf329b1b0df6717f958a072

    • SHA256

      e199cd8a6297d6846f6e2a5a3e8e2450c3c6a9138ab18dc098a34a16bb107bb2

    • SHA512

      f54c72f27af038beb00be4395158fec30973893b6a00e4e822cc29ee01df07148c1180fa94d56902288c1f75fdf205dcd5e2841da5151ea4fea789523fa29fc3

    • SSDEEP

      393216:+qPnLFXlrPYgQpDOETgs77fGWg/fxs82vEmiQVFFL2:zPLFXNPRQoE7tafukEVFJ

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      67e1731fa5bb1ccf4e3effe4f0c1f800

    • SHA1

      fbb06edcd333b296fff194c7694f8d2bea93781a

    • SHA256

      2a2259a7e4baff32e8d86b4c0d5e3fcbeb9f389d87c9c3032d86ddaa194cb91f

    • SHA512

      07087cebe8aa478a36c5a37b24524af6685ed6d20f3266c44b7b861923e16c5feb2babe9a1dc13c6f032be21ea5e6e64726b45980f684196180bd66165e74839

    • SSDEEP

      192:w8MzxtNAD8idWdXwLclOx2EIgHVqJhwF4Jb4KMdwj55nw:LIJwWuoQxMg1O2oPj/w

    Score
    3/10
    • Target

      Electron_Cracked_V3/Read Me.txt

    • Size

      387B

    • MD5

      cfafd83e7fc82d8e7514c611cc2cc5dc

    • SHA1

      dfe0cc8aaafdfcd2564967141a5027eddb06d7e7

    • SHA256

      7eedb4033afe1aa4bf4b543c9d8763baf142622e98f6bf97fe5f57749121cf16

    • SHA512

      8ba0a06d07ecc98f779766d99c235c96010534cc78f9e214b11f4e95785cc473c093927d603d9be040eacd823fd0614bfbc0d757d2a5a4446eb41b9f972d14e2

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks