General
- Target: dc34986f0a9c6bfa3171722f3d7368403175f0cd99c4cbe63aaab26c7eef1906
- Size: 1.5MB
- Sample: 231214-knqjjacecr
- MD5: 31a2fc7a3aa63208b9312db7baa5dcd6
- SHA1: 0a2f410621782ce752f955d61afc912c6fc7312e
- SHA256: dc34986f0a9c6bfa3171722f3d7368403175f0cd99c4cbe63aaab26c7eef1906
- SHA512: 4e0d5713fca33eced253dbc8fa4dc44a19f7acebfbef5f6ae581f7db073a3b381769ac3a7fc38e3203161b6152be7c92ab1d2edb31af34569fa5c81cc8001fdc
- SSDEEP: 24576:GygFhPDdQUftnV3Jrc9nrhPYY+wVgdW5gy19HaLHmgEpmZvYfg5EfLDyudYfQao/:VOpdQUFnV+drhR+w2Y5gy19HIG3kvY9Q
Static task: static1
Behavioral task: behavioral1
- Sample: dc34986f0a9c6bfa3171722f3d7368403175f0cd99c4cbe63aaab26c7eef1906.exe
- Resource: win10-20231020-en
Malware Config
- Extracted: risepro
- 193.233.132.51
Targets
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory