General

  • Target

    ef2a03f03f9748effd79d71d7684347792f9748b7bbb18843bd382570e4d332eexe.exe

  • Size

    389KB

  • Sample

    240107-x93gfadee9

  • MD5

    19b0bf2bb132231de9dd08f8761c5998

  • SHA1

    a08a73f6fa211061d6defc14bc8fec6ada2166c4

  • SHA256

    ef2a03f03f9748effd79d71d7684347792f9748b7bbb18843bd382570e4d332e

  • SHA512

    5bbf211c2b0500903e07e8b460cae5e6085a14bdf2940221502d123bd448fa01dd14518cfef03a967f10b0edbd5778b5deb7141d4c6c168fc1e34aba9f96ffa1

  • SSDEEP

    12288:F+bMtwrleoUUcdl5gs7wSYbHkZPu/KjGHH711P5b:FDtUlCdl5v7GkQ71JJ

Score
10/10

Malware Config

Extracted

Family

privateloader

C2

http://45.133.1.182/proxies.txt

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

45.133.1.60

Attributes
  • payload_url

    https://vipsofts.xyz/files/mega.bmp

Targets

    • Target

      ef2a03f03f9748effd79d71d7684347792f9748b7bbb18843bd382570e4d332eexe.exe

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2
