General

  • Target

    genshin_global.exe

  • Size

    37.9MB

  • Sample

    240113-qxb1dsaghj

  • MD5

    82ebc7d0252a5361d7ca066be6551b93

  • SHA1

    8f33fbbdd51b5dc5339c0eb2e414860cf6f04fd9

  • SHA256

    bdad3c5e278a03a2f3109b84708819cc6a1f9f02ab1e83f07603f63f9916d6ce

  • SHA512

    260777c752cb2d14f7c0f667c81f4a4c9d54331cfe5b574609c073180458bff25f0db1dc81bd4023df32d34a9856ec0f10e6feaf6966a2567aa9fc37f203704b

  • SSDEEP

    786432:WQgBUWLP5jxIkTcypX3maertehppms20j17CfCCw6EGLdWiovCah5e7Y:TAUW1FIkwYXWjepmEj1yCDGLdW3aaPek

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Creates new service(s)

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other session material.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks