Overview
overview: 10/10
static: 10/10
lovely rat.zip (windows7-x64): 1/10
lovely rat.zip (windows10-2004-x64): 1/10
Electron_C...UI.exe (windows7-x64): 7/10
Electron_C...UI.exe (windows10-2004-x64): 7/10
main.pyc (windows7-x64): 3/10
main.pyc (windows10-2004-x64): 3/10
Electron_C...le.exe (windows7-x64): 7/10
Electron_C...le.exe (windows10-2004-x64): 7/10
main.pyc (windows7-x64): 3/10
main.pyc (windows10-2004-x64): 3/10
Electron_C...Me.txt (windows7-x64): 1/10
Electron_C...Me.txt (windows10-2004-x64): 1/10
General
-
Target
lovely rat.zip
-
Size
36.4MB
-
Sample
231207-r2eshscb67
-
MD5
f4dcd3bffcc6cb6f0fc03461fd90cec6
-
SHA1
661d96656d383765e0d2c656128efbc5fbdf0ee7
-
SHA256
6e5f4e02cbc149a454d363c1c0934543c57fc8c519040c11441dcd601eebc547
-
SHA512
96505c41c4feb0d8bcec43767877ee03d2bf38e51313dccfb1c34070f90d6992619ffe336f7e981c259886eb83239fa5019dc2bff334cd57c610ab4cade74656
-
SSDEEP
786432:xflFDzZNQpx0/Hpd6LPGzflFDzZNQpx0/Hpd6LPGL:BlFHZNQP0vpdEGzlFHZNQP0vpdEGL
Behavioral task behavioral1: Sample lovely rat.zip; Resource win7-20231201-en
Behavioral task behavioral2: Sample lovely rat.zip; Resource win10v2004-20231201-en
Behavioral task behavioral3: Sample Electron_Cracked_V3/ElectronUI.exe; Resource win7-20231130-en
Behavioral task behavioral4: Sample Electron_Cracked_V3/ElectronUI.exe; Resource win10v2004-20231130-en
Behavioral task behavioral5: Sample main.pyc; Resource win7-20231129-en
Behavioral task behavioral6: Sample main.pyc; Resource win10v2004-20231130-en
Behavioral task behavioral7: Sample Electron_Cracked_V3/Particle.exe; Resource win7-20231023-en
Behavioral task behavioral8: Sample Electron_Cracked_V3/Particle.exe; Resource win10v2004-20231127-en
Behavioral task behavioral9: Sample main.pyc; Resource win7-20231020-en
Behavioral task behavioral10: Sample main.pyc; Resource win10v2004-20231130-en
Behavioral task behavioral11: Sample Electron_Cracked_V3/Read Me.txt; Resource win7-20231130-en
Behavioral task behavioral12: Sample Electron_Cracked_V3/Read Me.txt; Resource win10v2004-20231130-en
Malware Config
Targets
-
-
Target
lovely rat.zip
-
Size
36.4MB
-
MD5
f4dcd3bffcc6cb6f0fc03461fd90cec6
-
SHA1
661d96656d383765e0d2c656128efbc5fbdf0ee7
-
SHA256
6e5f4e02cbc149a454d363c1c0934543c57fc8c519040c11441dcd601eebc547
-
SHA512
96505c41c4feb0d8bcec43767877ee03d2bf38e51313dccfb1c34070f90d6992619ffe336f7e981c259886eb83239fa5019dc2bff334cd57c610ab4cade74656
-
SSDEEP
786432:xflFDzZNQpx0/Hpd6LPGzflFDzZNQpx0/Hpd6LPGL:BlFHZNQP0vpdEGzlFHZNQP0vpdEGL
Score 1/10
-
-
Target
Electron_Cracked_V3/ElectronUI.exe
-
Size
18.4MB
-
MD5
5034635dbc641bc6af5cf3f950eb4ca0
-
SHA1
480ed67e33136f6a7bf329b1b0df6717f958a072
-
SHA256
e199cd8a6297d6846f6e2a5a3e8e2450c3c6a9138ab18dc098a34a16bb107bb2
-
SHA512
f54c72f27af038beb00be4395158fec30973893b6a00e4e822cc29ee01df07148c1180fa94d56902288c1f75fdf205dcd5e2841da5151ea4fea789523fa29fc3
-
SSDEEP
393216:+qPnLFXlrPYgQpDOETgs77fGWg/fxs82vEmiQVFFL2:zPLFXNPRQoE7tafukEVFJ
Score 7/10
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
67e1731fa5bb1ccf4e3effe4f0c1f800
-
SHA1
fbb06edcd333b296fff194c7694f8d2bea93781a
-
SHA256
2a2259a7e4baff32e8d86b4c0d5e3fcbeb9f389d87c9c3032d86ddaa194cb91f
-
SHA512
07087cebe8aa478a36c5a37b24524af6685ed6d20f3266c44b7b861923e16c5feb2babe9a1dc13c6f032be21ea5e6e64726b45980f684196180bd66165e74839
-
SSDEEP
192:w8MzxtNAD8idWdXwLclOx2EIgHVqJhwF4Jb4KMdwj55nw:LIJwWuoQxMg1O2oPj/w
Score 3/10
-
-
Target
Electron_Cracked_V3/Particle.exe
-
Size
18.4MB
-
MD5
5034635dbc641bc6af5cf3f950eb4ca0
-
SHA1
480ed67e33136f6a7bf329b1b0df6717f958a072
-
SHA256
e199cd8a6297d6846f6e2a5a3e8e2450c3c6a9138ab18dc098a34a16bb107bb2
-
SHA512
f54c72f27af038beb00be4395158fec30973893b6a00e4e822cc29ee01df07148c1180fa94d56902288c1f75fdf205dcd5e2841da5151ea4fea789523fa29fc3
-
SSDEEP
393216:+qPnLFXlrPYgQpDOETgs77fGWg/fxs82vEmiQVFFL2:zPLFXNPRQoE7tafukEVFJ
Score 7/10
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
67e1731fa5bb1ccf4e3effe4f0c1f800
-
SHA1
fbb06edcd333b296fff194c7694f8d2bea93781a
-
SHA256
2a2259a7e4baff32e8d86b4c0d5e3fcbeb9f389d87c9c3032d86ddaa194cb91f
-
SHA512
07087cebe8aa478a36c5a37b24524af6685ed6d20f3266c44b7b861923e16c5feb2babe9a1dc13c6f032be21ea5e6e64726b45980f684196180bd66165e74839
-
SSDEEP
192:w8MzxtNAD8idWdXwLclOx2EIgHVqJhwF4Jb4KMdwj55nw:LIJwWuoQxMg1O2oPj/w
Score 3/10
-
-
Target
Electron_Cracked_V3/Read Me.txt
-
Size
387B
-
MD5
cfafd83e7fc82d8e7514c611cc2cc5dc
-
SHA1
dfe0cc8aaafdfcd2564967141a5027eddb06d7e7
-
SHA256
7eedb4033afe1aa4bf4b543c9d8763baf142622e98f6bf97fe5f57749121cf16
-
SHA512
8ba0a06d07ecc98f779766d99c235c96010534cc78f9e214b11f4e95785cc473c093927d603d9be040eacd823fd0614bfbc0d757d2a5a4446eb41b9f972d14e2
Score 1/10