General
Target: LumaSft.hta
Size: 162KB
Sample: 240204-xa7bcagce7
MD5: 50b4ea549c48d995ddf248188795d2d8
SHA1: bfda7329b7a8519b20617d39da553464a3163d29
SHA256: e93a2475fff6c02d66d92680bf19edfce3a89129e89408e76396ab1ee7ed36aa
SHA512: 42d22c0cd19a8dc3d923403a53115d2297355038c3a3d1ba93249b4f2faa3d5f84f594a49a7edcd2fa7d03f0fd0ac394ba12eb997c2f9ab97b3380e62e6fe949
SSDEEP: 384:fuhtvGkNrkNrkNrkNrkNrkNrkNrkNrkNrkNrkNUQtWgQlqQQwGt9OYF:fuusssssssssszQ6sQQl9O0
Static task: static1
Behavioral task: behavioral1
Sample: LumaSft.hta
Resource: win7-20231215-en
Malware Config
Targets
Target: LumaSft.hta
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Accesses cryptocurrency files/wallets, possible credential harvesting