Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2
-
Size
1.5MB
-
Sample
231214-cj8wbaahaj
-
MD5
7d97f7292ac110312aedf2b1f3aad869
-
SHA1
a38548468544b239108fc156cb5940ecea1a243a
-
SHA256
0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2
-
SHA512
0d2fa22c9a373f2d69b83ee0cbadfab55dba1cd5bda72ed3a7caa49fcbd9f9fa276afb2249cf5c8db346c805dd13bcd234967ddae5d9c6df6dcb542d6514f426
-
SSDEEP
24576:ky9VsmJemf/nV3Vrc9H2Ag217dOptMAZJzUHsQEg+JPDJ+TrgtEyuBYfiALs:zLsmJemHnVSZng2vEtMo018PDJugtEyv
Static task
static1
Behavioral task
behavioral1
Sample
0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2.exe
Resource
win10-20231129-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
-
-
Target
0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2
-
Size
1.5MB
-
MD5
7d97f7292ac110312aedf2b1f3aad869
-
SHA1
a38548468544b239108fc156cb5940ecea1a243a
-
SHA256
0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2
-
SHA512
0d2fa22c9a373f2d69b83ee0cbadfab55dba1cd5bda72ed3a7caa49fcbd9f9fa276afb2249cf5c8db346c805dd13bcd234967ddae5d9c6df6dcb542d6514f426
-
SSDEEP
24576:ky9VsmJemf/nV3Vrc9H2Ag217dOptMAZJzUHsQEg+JPDJ+TrgtEyuBYfiALs:zLsmJemHnVSZng2vEtMo018PDJugtEyv
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-