Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
StudioApp.exe
-
Size
14.6MB
-
Sample
240202-gftpfaheal
-
MD5
ea6ab30812126ed8f703ecabe9f89f00
-
SHA1
6ca5fc27c598eef84065518e7a649dfe9c1c76a2
-
SHA256
22442d487765e55be893d7b769b48bdcc193d537aada4435954d6cbdb0563d86
-
SHA512
117b72096463a6a15ff654a36de4f9024cf494a466b4c0fc3ea867f9614c13c98913efcecc2fe690acd6fe006b5517b787570fa3214c7d3313b8a468876a07de
-
SSDEEP
393216:9kiIE7YoPQJidQuslSq99oWOv+9fg5SE70AQw:997rPQwdQuSDorvSY5S5At
Behavioral task
behavioral1
Sample
StudioApp.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral2
Sample
StudioApp.exe
Resource
win11-20231215-en
Behavioral task
behavioral3
Sample
Creal.pyc
Resource
win10v2004-20231215-en
Behavioral task
behavioral4
Sample
Creal.pyc
Resource
win11-20231215-en
Malware Config
Targets
-
-
Target
StudioApp.exe
-
Size
14.6MB
-
MD5
ea6ab30812126ed8f703ecabe9f89f00
-
SHA1
6ca5fc27c598eef84065518e7a649dfe9c1c76a2
-
SHA256
22442d487765e55be893d7b769b48bdcc193d537aada4435954d6cbdb0563d86
-
SHA512
117b72096463a6a15ff654a36de4f9024cf494a466b4c0fc3ea867f9614c13c98913efcecc2fe690acd6fe006b5517b787570fa3214c7d3313b8a468876a07de
-
SSDEEP
393216:9kiIE7YoPQJidQuslSq99oWOv+9fg5SE70AQw:997rPQwdQuSDorvSY5S5At
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Creal.pyc
-
Size
178KB
-
MD5
4b3fdf3600c95945369a4b8cf2d96483
-
SHA1
7a2dbc74bcf1dfa56607d2d5164eeda59273f998
-
SHA256
1b9391cd6ec4a8b0fac07f70e977dadc067b6e0b998d08161c20d062be21a844
-
SHA512
d46bcb5b1811dff77c7e440c7961ba277d7aa0d0aa071a3f8c0bb84085ddf3f780c04e0c92dde3324bf5d9c63276761c6153346cc5380ddb5df99d1f12da8caf
-
SSDEEP
1536:uu6Drbe3uzTZMB7aK1vUt0pXd8Cqq+bL3BcwZgB7b+RMjlk1V6mk5ziOQzqh1guY:56Dfe3uz0BZtt8v1hgB76RMjWgl5W2rY
Score3/10 -