Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Eyada - Genshin.exe

  • Size

    26.5MB

  • Sample

    231223-2624qaadcn

  • MD5

    ee5a9db3543d621124e768e0e5db60d2

  • SHA1

    2c43493f163748871c2d141efd6d063830dd1f98

  • SHA256

    1fc4dc449959381784dd2500ea76de0139e40b8aca1d92e6b5d22fb6f927636c

  • SHA512

    9b9fc9f8eb7a8868585ff980c5ccfea79b2b0a2f08a6281494940a5481d060123eb045b41cf8a12778ab8498713a9f4dff66e4a3169b2906abd9f0a3447a3a13

  • SSDEEP

    393216:HUdMbZ0JLHdB3QNlV8VNetLV+A/pWNdW88RUarfgnfXBB1eDBzs2CUTA53Hyp:HUdMbZ0JR5Ql8+V+A/pWTW8k+CBzEfI

Malware Config

Targets

    • Target

      Eyada - Genshin.exe

    • Size

      26.5MB

    • MD5

      ee5a9db3543d621124e768e0e5db60d2

    • SHA1

      2c43493f163748871c2d141efd6d063830dd1f98

    • SHA256

      1fc4dc449959381784dd2500ea76de0139e40b8aca1d92e6b5d22fb6f927636c

    • SHA512

      9b9fc9f8eb7a8868585ff980c5ccfea79b2b0a2f08a6281494940a5481d060123eb045b41cf8a12778ab8498713a9f4dff66e4a3169b2906abd9f0a3447a3a13

    • SSDEEP

      393216:HUdMbZ0JLHdB3QNlV8VNetLV+A/pWNdW88RUarfgnfXBB1eDBzs2CUTA53Hyp:HUdMbZ0JR5Ql8+V+A/pWTW8k+CBzEfI

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      db40ce247b464d3ac0d15080f22ce442

    • SHA1

      eb10f081e16c9566f1b487d39eda3fb8fa4b0de5

    • SHA256

      74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046

    • SHA512

      c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e

    • SSDEEP

      384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8

    Score
    6/10
    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      ddc40a1cee51500039f5c98ef7b1d3c9

    • SHA1

      1e65cf0d7acb74e429844d2ee5b2d39369d17750

    • SHA256

      1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436

    • SHA512

      c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db

    • SSDEEP

      192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE

    Score
    3/10
    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      fccbf8762a2d6e382b044d73c9969fbc

    • SHA1

      9530b874a2fb37cef0bdbc13775d64400c6158b4

    • SHA256

      bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89

    • SHA512

      359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ

    Score
    3/10
    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      1ca5633be35a5db415bc83be9852bf0e

    • SHA1

      710a4da76579449bb0b45eecedd42aea82ba6b35

    • SHA256

      07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099

    • SHA512

      9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb

    • SSDEEP

      192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn

    Score
    3/10
    • Target

      source_prepared.pyc

    • Size

      163KB

    • MD5

      7763719e0071f4e71ed010ac29a4b56b

    • SHA1

      85959c693807a0fd14b921523d31e20564b8386e

    • SHA256

      7002e97fcdbdd31c5d02921b82018e2cf7337a1855f1178d96dbe07e23860567

    • SHA512

      c4d0b9350e22e017f04c831a3c9f83563c027860fc9ca3d13f9d0b9d5335f8f7dbbe3fe243593d79cb7d076227fb91421bbbff59e91ad31f7a9a61510c976287

    • SSDEEP

      3072:63L7GG1/psR7oIi/jnEeSQGMvCgYcMa7C8IW:63/Gk07oI+AeSpMvCgYcMCC0

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks