General
Target: 63ba70ffb937170b450f7f3839210211baf959353501d63c2fe56f4fbae9f07d
Size: 1.5MB
Sample: 231213-tgz9tsehgq
MD5: a23609dd75aa704cdcd5745cc7555059
SHA1: 3fb4437cac533bb8f86f3755c6b82bf8cc408333
SHA256: 63ba70ffb937170b450f7f3839210211baf959353501d63c2fe56f4fbae9f07d
SHA512: ffbc949a0c0fbdbb3613c6c7ef7db1eadeff3f04d547dcc34c53e3ad288289f5c2f5741c639d3da1defe3a3116824a323b5c4f9af61d02bb1777369bef67e957
SSDEEP: 24576:pyZdmXf/nV3drc9DecoCJfWe54JPHVJ9tqrttRMlZPyyTNiW472a7yuVYfww+:cZ6nnVaVef2ueWVFqrttRMlZPTNA2a7G
Static task: static1
Behavioral task: behavioral1
Sample: 63ba70ffb937170b450f7f3839210211baf959353501d63c2fe56f4fbae9f07d.exe
Resource: win10-20231020-en
Malware Config
Extracted: risepro
193.233.132.51
Targets
Target: 63ba70ffb937170b450f7f3839210211baf959353501d63c2fe56f4fbae9f07d
Size: 1.5MB
MD5: a23609dd75aa704cdcd5745cc7555059
SHA1: 3fb4437cac533bb8f86f3755c6b82bf8cc408333
SHA256: 63ba70ffb937170b450f7f3839210211baf959353501d63c2fe56f4fbae9f07d
SHA512: ffbc949a0c0fbdbb3613c6c7ef7db1eadeff3f04d547dcc34c53e3ad288289f5c2f5741c639d3da1defe3a3116824a323b5c4f9af61d02bb1777369bef67e957
SSDEEP: 24576:pyZdmXf/nV3drc9DecoCJfWe54JPHVJ9tqrttRMlZPyyTNiW472a7yuVYfww+:cZ6nnVaVef2ueWVFqrttRMlZPTNA2a7G
- PrivateLoader: a downloader sold as a pay-per-install malware distribution service.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIt scripts compiled to PE executables.
- Drops file in System32 directory
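The signature names above describe behaviours, not the events that trigger them. As an added example (not tria.ge code and not part of this report), the following Python maps a trace of sandbox-style events back to those signature names, including the stateful "Executes dropped EXE" check that needs the set of files written earlier in the same trace. The registry and file paths behind each signature (Geo\Nation for the location check, the Uninstall key, Outlook profile keys, the Run key, the Startup folder, System32) and the IP lookup hostnames are assumptions about what the sandbox observes; the 193.233.132.51 address comes from the report's extracted risepro config; the event trace is constructed.

```python
"""Map sandbox-style events to the behaviour signatures listed in this report.

Added example, not tria.ge code. Registry/file paths are assumptions about
what each signature observes; the risepro address comes from the report's
extracted config. The trace at the bottom is constructed, not sandbox output.
"""
import re
from dataclasses import dataclass

# Assumed locations behind each signature (well-known Windows paths).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)
OUTLOOK_RE = re.compile(r"\\Office\\[\d.]+\\Outlook\\Profiles\\", re.I)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)
# Assumed IP lookup services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com"}
# From the report's "Malware Config" (risepro).
RISEPRO_C2 = "193.233.132.51"


@dataclass
class Event:
    kind: str    # reg_read | reg_write | file_write | process | dns | connect
    target: str  # registry path, file path, image path, hostname or IP


def classify(ev: Event) -> list[str]:
    """Stateless check of one event against the report's signature names."""
    hits: list[str] = []
    t = ev.target
    if ev.kind == "reg_read":
        if GEO_KEY_RE.search(t):
            hits.append("Checks computer location settings")
        if UNINSTALL_KEY_RE.search(t):
            hits.append("Checks installed software on the system")
        if OUTLOOK_RE.search(t):
            hits.append("Accesses Microsoft Outlook profiles")
    elif ev.kind == "reg_write" and RUN_KEY_RE.search(t):
        hits.append("Adds Run key to start application")
    elif ev.kind == "file_write":
        if STARTUP_RE.search(t):
            hits.append("Drops startup file")
        if SYSTEM32_RE.match(t):
            hits.append("Drops file in System32 directory")
    elif ev.kind == "dns" and t.lower() in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    elif ev.kind == "connect" and t == RISEPRO_C2:
        hits.append("Connects to risepro address from extracted config")
    return hits


def summarize(events: list[Event]) -> dict[str, list[str]]:
    """Run classify() over a whole trace and add the stateful
    'Executes dropped EXE' check: a process whose image was written
    earlier in the same trace."""
    dropped: set[str] = set()
    found: dict[str, list[str]] = {}
    for ev in events:
        names = classify(ev)
        if ev.kind == "file_write":
            dropped.add(ev.target.lower())
        elif ev.kind == "process" and ev.target.lower() in dropped:
            names.append("Executes dropped EXE")
        for name in names:
            found.setdefault(name, []).append(ev.target)
    return found


# Constructed trace for the demo; not output of this sandbox run.
SAMPLE_EVENTS = [
    Event("reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event("reg_read", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("file_write", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"),
    Event("file_write", r"C:\Windows\System32\Tasks\upd"),
    Event("process", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"),
    Event("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"),
    Event("dns", "api.ipify.org"),
    Event("connect", "193.233.132.51"),
    Event("reg_read", r"HKCU\Software\Classes\.txt"),  # benign, no signature
]

if __name__ == "__main__":
    for name, targets in summarize(SAMPLE_EVENTS).items():
        print(f"{name}: {targets}")
```

The per-event checks are deliberately stateless so they can run over a stream; only "Executes dropped EXE" needs history, which is why it lives in summarize() and not classify(). A benign registry read produces no hit, and a process launch of a file that was never written in the trace is not counted as a dropped EXE.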