Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Python.CrealStealer.4.28055.30099.exe
-
Size
14.4MB
-
Sample
240120-1ggk2shdh3
-
MD5
1e68e1e04a5e94d7a17f686a488051ff
-
SHA1
09122f9525a957faf0d96c81ab95bb4def243c64
-
SHA256
32ed36fb1c3f23fbb5c9c3ca61ae089558cd85e5dec4777359c1a6ee6eb2b82e
-
SHA512
690415cefe821465600c3539b843b443c064b00c235ff27d8f4d80d03456d8de1b32f38fc2f4f36eba6eea938e71d6a78a74e2113486f5d857bf87c5bb2a370d
-
SSDEEP
393216:au7L/sQboidQuslSq99oWOv+9fgSMA+NT7:aCL0QbjdQuSDorvSYS6d
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Python.CrealStealer.4.28055.30099.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Python.CrealStealer.4.28055.30099.exe
-
Size
14.4MB
-
MD5
1e68e1e04a5e94d7a17f686a488051ff
-
SHA1
09122f9525a957faf0d96c81ab95bb4def243c64
-
SHA256
32ed36fb1c3f23fbb5c9c3ca61ae089558cd85e5dec4777359c1a6ee6eb2b82e
-
SHA512
690415cefe821465600c3539b843b443c064b00c235ff27d8f4d80d03456d8de1b32f38fc2f4f36eba6eea938e71d6a78a74e2113486f5d857bf87c5bb2a370d
-
SSDEEP
393216:au7L/sQboidQuslSq99oWOv+9fgSMA+NT7:aCL0QbjdQuSDorvSYS6d
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-