Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
tuc2.exe
-
Size
4.5MB
-
Sample
240107-e4ty1aedbq
-
MD5
33d656492325072faf15c45a164487c6
-
SHA1
ac01c9853d8acba4025369e2aee2487a2f31a232
-
SHA256
b12aff75a9a173c15b91ad9b89718f7e73dcd72d97a623d732c4b24f52872b65
-
SHA512
2344f6290a3adf46182abb2587f5b2ca335a59902f96da3c0296497d83444f9047781e3ea9deff3c9c7aa00aa85205e68eb291d0fb9d5450232635942936f705
-
SSDEEP
98304:QSV6RmOv3vsD3ieHPRuLiWnx2XtEwJdVTio0O4dm8:Cmg3vc3iEPRuZitEm0O4dD
Malware Config
Targets
-
-
Target
tuc2.exe
-
Size
4.5MB
-
MD5
33d656492325072faf15c45a164487c6
-
SHA1
ac01c9853d8acba4025369e2aee2487a2f31a232
-
SHA256
b12aff75a9a173c15b91ad9b89718f7e73dcd72d97a623d732c4b24f52872b65
-
SHA512
2344f6290a3adf46182abb2587f5b2ca335a59902f96da3c0296497d83444f9047781e3ea9deff3c9c7aa00aa85205e68eb291d0fb9d5450232635942936f705
-
SSDEEP
98304:QSV6RmOv3vsD3ieHPRuLiWnx2XtEwJdVTio0O4dm8:Cmg3vc3iEPRuZitEm0O4dD
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-