General
Target: BloomReducer_5uTR_C8r.bat
Size: 17.8MB
Sample: 231227-3p3vcseeb2
MD5: a4c3b2bb74cf716899b98ba064294126
SHA1: 848baacfb5bebbb19a356c85932e843c8d7b048b
SHA256: 3c6ab7f65df199368cf3f381e41e047c70a8bd2e93d95b8dd893b0f6ab811cc8
SHA512: ad5d6f2367b558e9e6f19ca8e9a25fd4eddc4886ed654836c71f7157420fdb2d2f98f5c0fad22ed31c151e24077d8ca135f54298712b9275fd964df35c8c2aec
SSDEEP: 393216:PqPnLFXlrVgQpDOETgsvfGMwxgNLD+vEP2wtLyqp:iPLFXN6QoE62LD3XRDp
Behavioral task: behavioral1
Sample: BloomReducer_5uTR_C8r.exe
Resource: win10-20231215-en

Behavioral task: behavioral2
Sample: main.pyc
Resource: win10-20231215-en
Malware Config
Targets

Target: BloomReducer_5uTR_C8r.bat
Size: 17.8MB
MD5: a4c3b2bb74cf716899b98ba064294126
SHA1: 848baacfb5bebbb19a356c85932e843c8d7b048b
SHA256: 3c6ab7f65df199368cf3f381e41e047c70a8bd2e93d95b8dd893b0f6ab811cc8
SHA512: ad5d6f2367b558e9e6f19ca8e9a25fd4eddc4886ed654836c71f7157420fdb2d2f98f5c0fad22ed31c151e24077d8ca135f54298712b9275fd964df35c8c2aec
SSDEEP: 393216:PqPnLFXlrVgQpDOETgsvfGMwxgNLD+vEP2wtLyqp:iPLFXN6QoE62LD3XRDp
Score: 10/10
Signatures:
- Modifies visibility of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory

Target: main.pyc
Size: 7KB
MD5: 8dd0e0695c917f1e60362e04874c1ad8
SHA1: fe305045d47279c8e3f511b9171467125ac2791d
SHA256: d244467b24ae13a35beffb38e94b2c11efa65a276554d343934974ad885fcf95
SHA512: c9102a260331894acb43be16ae0d222432b31cdbacdb68ba3ccfef0a661c23af447f9832d3337adc0e14385a1ef8f329253d0e37efa7f2d63acd2feba4e299f7
SSDEEP: 192:wTxtThRPD8TDfWdXwPEFIr0JhwvBLtG6MdwhF1Hnw:UnkWudo2N7PhF1Hw
Score: 3/10