Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10Eyada - Genshin.exe
windows7-x64
7Eyada - Genshin.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
6discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3General
-
Target
Eyada - Genshin.exe
-
Size
26.5MB
-
Sample
231223-2624qaadcn
-
MD5
ee5a9db3543d621124e768e0e5db60d2
-
SHA1
2c43493f163748871c2d141efd6d063830dd1f98
-
SHA256
1fc4dc449959381784dd2500ea76de0139e40b8aca1d92e6b5d22fb6f927636c
-
SHA512
9b9fc9f8eb7a8868585ff980c5ccfea79b2b0a2f08a6281494940a5481d060123eb045b41cf8a12778ab8498713a9f4dff66e4a3169b2906abd9f0a3447a3a13
-
SSDEEP
393216:HUdMbZ0JLHdB3QNlV8VNetLV+A/pWNdW88RUarfgnfXBB1eDBzs2CUTA53Hyp:HUdMbZ0JR5Ql8+V+A/pWTW8k+CBzEfI
Behavioral task
behavioral1
Sample
Eyada - Genshin.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Eyada - Genshin.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
Eyada - Genshin.exe
-
Size
26.5MB
-
MD5
ee5a9db3543d621124e768e0e5db60d2
-
SHA1
2c43493f163748871c2d141efd6d063830dd1f98
-
SHA256
1fc4dc449959381784dd2500ea76de0139e40b8aca1d92e6b5d22fb6f927636c
-
SHA512
9b9fc9f8eb7a8868585ff980c5ccfea79b2b0a2f08a6281494940a5481d060123eb045b41cf8a12778ab8498713a9f4dff66e4a3169b2906abd9f0a3447a3a13
-
SSDEEP
393216:HUdMbZ0JLHdB3QNlV8VNetLV+A/pWNdW88RUarfgnfXBB1eDBzs2CUTA53Hyp:HUdMbZ0JR5Ql8+V+A/pWTW8k+CBzEfI
Score9/10-
Enumerates VirtualBox DLL files
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
db40ce247b464d3ac0d15080f22ce442
-
SHA1
eb10f081e16c9566f1b487d39eda3fb8fa4b0de5
-
SHA256
74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046
-
SHA512
c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e
-
SSDEEP
384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8
Score6/10-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
ddc40a1cee51500039f5c98ef7b1d3c9
-
SHA1
1e65cf0d7acb74e429844d2ee5b2d39369d17750
-
SHA256
1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436
-
SHA512
c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db
-
SSDEEP
192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE
Score3/10 -
-
-
Target
misc.pyc
-
Size
5KB
-
MD5
fccbf8762a2d6e382b044d73c9969fbc
-
SHA1
9530b874a2fb37cef0bdbc13775d64400c6158b4
-
SHA256
bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89
-
SHA512
359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20
-
SSDEEP
96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
1ca5633be35a5db415bc83be9852bf0e
-
SHA1
710a4da76579449bb0b45eecedd42aea82ba6b35
-
SHA256
07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099
-
SHA512
9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb
-
SSDEEP
192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
163KB
-
MD5
7763719e0071f4e71ed010ac29a4b56b
-
SHA1
85959c693807a0fd14b921523d31e20564b8386e
-
SHA256
7002e97fcdbdd31c5d02921b82018e2cf7337a1855f1178d96dbe07e23860567
-
SHA512
c4d0b9350e22e017f04c831a3c9f83563c027860fc9ca3d13f9d0b9d5335f8f7dbbe3fe243593d79cb7d076227fb91421bbbff59e91ad31f7a9a61510c976287
-
SSDEEP
3072:63L7GG1/psR7oIi/jnEeSQGMvCgYcMa7C8IW:63/Gk07oI+AeSpMvCgYcMCC0
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1