Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef
-
Size
128KB
-
Sample
231212-gmnf1ahcc4
-
MD5
a2b7fada2679821495ce60a0042a2ffe
-
SHA1
ffe162e52d3aaac8020377b136b58cc9aa49f2c3
-
SHA256
72b722343b6634a16e3addf6877a7d4d4bb19b646b16b4eb7beb13fecf17f22a
-
SHA512
9fa89d123169ec3c19dae5cc5c551470b61da0b278688150357efa58d8a72e4167186310e98552d2537a34989daecc289c6463acae01ebe58fbe31f41e12eb09
-
SSDEEP
3072:bqoL0aCTIZL3NbQVpbkUvtgDtvAgaGjxxkpzeJbwFHhq:bqoeTySjbODJAgTjxupIbwFBq
Static task
static1
Behavioral task
behavioral1
Sample
015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef.exe
Resource
win7-20231130-en
Malware Config
Extracted
stealc
http://77.91.76.36
-
url_path
/3886d2276f6914c4.php
Targets
-
-
Target
015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef
-
Size
190KB
-
MD5
c3cda4284fab6d48c2781c7e78dded15
-
SHA1
e0e6d1711ba8afcd402f232214a76bf3f9efa7ef
-
SHA256
015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef
-
SHA512
9a188c5573f9fffcf3f487a40822f857ff0db995ecba5ad4b77ddc88b5964e89c58bc864d7960f77e218a6a159caaeda8d35bdda9712e9d3b2805ca04fb33a53
-
SSDEEP
3072:IJW9jLf7NyT1TAT2l3NUvtgDtvA2aGjxxkpzeJsV5kZ6q:l9jLzNyT1i43WODJA2TjxupIR
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-