General
Target: XboxGamepad_2.1.rar
Size: 718KB
Sample: 231223-wb7g3adgf8
MD5: a7c37331cdc523c8ae43c7a1535fc8e8
SHA1: c2f628f8eddc7f72e4124898d5aaeb307c13ee49
SHA256: 2427c122897ee5dd465db796a62d9e00d2dac8d0812007334e14ec76ad7baf15
SHA512: e8d6089a9c85c200e9a71ada2c8c9ef978f5e8eec9b9844315e71296fd372963330c61e354ac2fa750643c37458bc2f3dcecc8a008026cb20fb5ffe2ae5ae687
SSDEEP: 12288:RTGEQA+mqq+Vm2Fs8JiB/HDazGJUqBVlWRhq8qHKXsYy68cmQ1ctJWjTgzM:kEQA+mqq+VTFs8oB/DPJUqXlWfvrcYp/
Static task: static1
Behavioral task behavioral1: 2.1/XINPUT/LibUsbDotNet.dll (resource: win10v2004-20231215-en)
Behavioral task behavioral2: 2.1/XINPUT/XboxOneDriver.dll (resource: win10v2004-20231215-en)
Behavioral task behavioral3: 2.1/XINPUT/XboxOneDriver.exp (resource: win10v2004-20231215-en)
Behavioral task behavioral4: 2.1/XINPUT/XboxOneDriver.lib (resource: win10v2004-20231215-en)
Behavioral task behavioral5: 2.1/XINPUT/xinput1_3.dll (resource: win10v2004-20231215-en)
Behavioral task behavioral6: 2.1/XboxOneGamePad.exe (resource: win10v2004-20231215-en)
Malware Config
Targets

Target: 2.1/XINPUT/LibUsbDotNet.dll
Size: 146KB
MD5: e2f6b564cb161a24fbd82e93352d1c9b
SHA1: 5872531549a5842c0255276f1eac63e1a14d4fc9
SHA256: b589af12fe5e014a73051df1c84124282ff7f63230b26b07b879bc9f47726ea2
SHA512: 8c422975695b02597b32c91c5500d84f3d9aee1d02ebec8d6e3421abc734422d7a5888ceb3be15499fccca02b5109a24cb7f60b897a25aec9054eea2b62af6df
SSDEEP: 3072:ApgRzrksxK/1H/8SvJc6gfeqG+QQ2Bn4T8AeuxNeMpqGk5s//sJVf7I/uTjA:Apqzxx8H1c6iPG+QQbxVqGZ/pG
Score: 1/10

Target: 2.1/XINPUT/XboxOneDriver.dll
Size: 12KB
MD5: 0ce911537be1b9cd74a9112941cafc3a
SHA1: 4611938206ef90c8ef77aa8d577cbadb77d5dd62
SHA256: c24a29e711c160ffc35bacd7ba7178f36dfd098236e319478f3887abed299df9
SHA512: 65343fad677696284f83319d92832d4f4cff9e206249c5a951c0644522bbd9b799ae3e42e3ac5545b4bd7e271c2dab8d724418d66b13cc8d7fa734f2118852fa
SSDEEP: 192:ClpoJWtexWXtL9x7s7fHNGkDdGDbeOosrFXoG2cINpph:ZJWthXItGAOHF/2rN9
Score: 3/10

Target: 2.1/XINPUT/XboxOneDriver.exp
Size: 1KB
MD5: 97a35e72cdd8676c0aa3c0e87fe37133
SHA1: eddbc1a831630b1cf086f75ffc6290935e76a6e5
SHA256: 35446b2d83c81358fb4ef2539691fca0d1f9bc9fac5d1c71c221ff1fd6e32082
SHA512: 7fd26cacdc402b70b69f81eac9635f0000da4bd8042f6f4a1e678fdf0dcffdc8e873b884217150aa1e04fb9c9746633eba266388d0a6eca5173e2bd4deed8029
Score: 3/10

Target: 2.1/XINPUT/XboxOneDriver.lib
Size: 3KB
MD5: 490a76d393d19efd9b515519596bb15e
SHA1: e9674947f59ba95393dd611e782811121aad1eea
SHA256: f86402235619dc1bdc2fd87996d69f4b882ec1143ac24209418926dbd5714c5a
SHA512: 08557c55927fb473aec36a67dcdabe55b6ff3e64cc00000dda4e160926cfed183338f1e34d8edc22013879679592ed90c4fa85b52f9154f2ea4a8b0d652a3d2e
Score: 3/10

Target: 2.1/XINPUT/xinput1_3.dll
Size: 475KB
MD5: e61eae879bc6c5ca4e72f82304e85d7c
SHA1: a361a39aebee69555d7cd7ce1dba88fb15e29234
SHA256: b1e2ec4fc3651945306a12c3a15f7c879b48110963c346009937fea216861169
SHA512: 4618e16690d18a573a47f112ac187caf0975009a12d6ebc66865c030d27c3aea0bb18e3d8fea9bb5d84639393c0c00a84c863d4f04b16fbe820c90c6de2ce5de
SSDEEP: 12288:pKaECGTQPkYTpXX7IoP6SqfFvbKFiEquD+ou3w:p7EtQXTpXEm6QFiEquDg3w
Score: 1/10

Target: 2.1/XboxOneGamePad.exe
Size: 609KB
MD5: 3096291e785c07eec28d751321ddb495
SHA1: 4b7d83e826c129b5f98b4667f0584dddf5fd54af
SHA256: 3eba90986be52f7f17d4be2630eec0dc6f2fc1f4c38e0ffa6db6ab39ee3d9278
SHA512: 3351e8a17ef8daba756c7efff6fb9a8173e7637c064e00950c9dd821d78e9d93cbb737d69f7c8d2547207478ee3795c7b9a6392a4d477f0ea94a7a8b7d749c38
SSDEEP: 12288:WZLwrTd+z4fGpbOfBofQ1iX/math/rgYdB4mklf3Ys6Mcw9L8dBfenw5bP/5tJBT:WZLqMVfh+AlBShf3R6E94dcng/5tJB73
Score: 8/10
Manipulates Digital Signatures: Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software installed on the system.
Drops file in System32 directory