Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2FastBetVN.exe
-
Size
151KB
-
Sample
240119-r8fy6agfg3
-
MD5
3fbc8e17cb9da2415668bcc9c22f88b0
-
SHA1
66879710e62797c06013c7ca924432e3295975e7
-
SHA256
fdb18d128decf596a3670a3407e9afb6c0320daa40f5e2ebc9bacb94b0d755b6
-
SHA512
0e27c3671709bac901cd669de232580b9a91fc9c6f68b837fbd2ceb5c2f8901c6fd3785255669563ed457ca2000975bc6b461d12939ab7e21d3de700720ec97c
-
SSDEEP
3072:xyqBXv8zjxf5GWp1icKAArDZz4N9GhbkrNEk1uN:vu7p0yN90QED
Malware Config
Targets
-
-
Target
2FastBetVN.exe
-
Size
151KB
-
MD5
3fbc8e17cb9da2415668bcc9c22f88b0
-
SHA1
66879710e62797c06013c7ca924432e3295975e7
-
SHA256
fdb18d128decf596a3670a3407e9afb6c0320daa40f5e2ebc9bacb94b0d755b6
-
SHA512
0e27c3671709bac901cd669de232580b9a91fc9c6f68b837fbd2ceb5c2f8901c6fd3785255669563ed457ca2000975bc6b461d12939ab7e21d3de700720ec97c
-
SSDEEP
3072:xyqBXv8zjxf5GWp1icKAArDZz4N9GhbkrNEk1uN:vu7p0yN90QED
Score8/10-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-