Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ipchanger/...er.exe

windows7-x64

1

ipchanger/...er.exe

windows10-2004-x64

1

ipchanger/...er.exe

windows7-x64

7

ipchanger/...er.exe

windows10-2004-x64

7

ipchanger/...er.exe

windows7-x64

7

ipchanger/...er.exe

windows10-2004-x64

1

ipchanger/...32.dll

windows7-x64

1

ipchanger/...32.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c363ef6b7843ad91f2c27143b939fda

  • Size

    728KB

  • Sample

    231226-tstlesbhb2

  • MD5

    7c363ef6b7843ad91f2c27143b939fda

  • SHA1

    0c64f333a530b72fe484f1be2392e15174cc797d

  • SHA256

    6c4c636ca68edd549a5363e304952b1f280fc5a8db585eb9cd508d8123732f30

  • SHA512

    f11bace79997041fadd9f2f0da4dd699d2f366def76da3b99ad1a072de2e314f580d3917f53590b8d77e12396016023fbf6a16cf218146d9c7f46e6e443b1de6

  • SSDEEP

    12288:z1luBM2m17Z00fW7x4ivTaUB1D5btKiGG+ZgJgzkQhLURhmcoeSzvQhX/Qzc5sbe:hlue2OjW7CiLaUTD7KSXWz3hkmcPhYzQ

Score
7/10
persistence

Malware Config

Targets

    • Target

      ipchanger/Ip Changer Updater.exe

    • Size

      44KB

    • MD5

      c6a3c951b004bfbf13741c8a6bf6d409

    • SHA1

      6e2de22ceb2a08038e2f537b0cb1b1cddc651cb4

    • SHA256

      5a200cccac2e1921bb46c0346f4f204f988e01920d6eed22a5f7c88677cc511f

    • SHA512

      2f1007fb7ba17dd26e8a4716235a6fc66e9f7948f4b09658f89987dddebf365e483e29e5cba541f38b1190bb41c5d98cdaea9a3566d010f8f4cc14df24faa7de

    • SSDEEP

      384:bBqpg7SdefY6gh177lsxuu5VZUvzk8Fyk1PugvZm08yKQiDEtyD00SnWV77lDh:bx7S0+77CxuaUvz1P/vo08yPtoqWV77

    Score
    1/10
    behavioral1behavioral2

    • Target

      ipchanger/Tibia MULTI-ip changer.exe

    • Size

      670KB

    • MD5

      8fcdd21204741520303cecfdc682b07a

    • SHA1

      377cf064e94c9fed35533b93f9a8ad5295da3093

    • SHA256

      9b91731987dc0fc29e8a7162c75d290dee41e64881cfe023eecb59c6575b523c

    • SHA512

      8ad5c175e3bd6450432b498c23df820fdb8e4ea02ecd7e669ccf032822cd0ba8c81ef875e51621af80b5fc22bced9dcde0c3dc1118fc6946f7432bf905cac546

    • SSDEEP

      12288:WczJJhqrVPaUm8xAivTWU71T9b/KiGGgZgpgz+QtLUXhmIUSSz3QhX/Qb/5sbvj2:WczJqVSUm8WiLWUBTNKSt2zttsmIDhYd

    Score
    7/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

    • Target

      ipchanger/UNinstaller.exe

    • Size

      36KB

    • MD5

      dc463e371abdeffa42cf739fccd7591b

    • SHA1

      c480ba1a718d098cb0dadb4b2246046f9214bb65

    • SHA256

      60ed463eee94e14774b010dbe38aaeee3c301be8b9473f740b1693324667e10b

    • SHA512

      71d085d2782f6b7d3b62f67b8e11d9bf805c0043534fb7e3987cba800dfea80d8ddaf5e107e606c5299e89fd1ab863b7183bf9b473df9fcea7c355122aac5a31

    • SSDEEP

      384:FsUi0Z4F7OlXVCnhwv/jYnC9oWb3eOaq9/21UWU2B22CDw423ogFqi0Z:Fti7tnUEo21UvykB5xi

    Score
    7/10

    • Deletes itself

    behavioral5behavioral6

    • Target

      ipchanger/comdlg32.ocx

    • Size

      149KB

    • MD5

      ab412429f1e5fb9708a8cdea07479099

    • SHA1

      eb49323be4384a0e7e36053f186b305636e82887

    • SHA256

      e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

    • SHA512

      f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

    • SSDEEP

      3072:VCslb9HnH/GrQ/qCFyn7dWXSQeRDBIY/OR5JrNo2CocrJbNN6N2TRqEydc:VCsB9Hu9nweRD4JZoDxtRHj

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks