Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
VirusShare_911e66524f9a5cd74310756c975ce7cf
-
Size
163KB
-
Sample
240204-zqq1eaaeh2
-
MD5
911e66524f9a5cd74310756c975ce7cf
-
SHA1
560e3441ba41ba22652d8200ce57f17a9e1ec5c4
-
SHA256
9460876404af1e8aed0eaec4cb29b37631db3c9038d5dd2e6e2fdb3e60a8d0e9
-
SHA512
a92aff4f1095b67610f854e3f8be6fe11679ae0e38a8c0008d2fe493a05f1a613efb418bd8c42e36faf9498d8ecd15dc2f8424790ad5407c44fc184c996efbb8
-
SSDEEP
3072:KswLeUpdrYpctTXSERLK3pgotbLmMGWGLxsYrVd3ZephYrWttlUDzP:zwLjdMCtfRu5/tbLQrXpahHtjk
Malware Config
Targets
-
-
Target
VirusShare_911e66524f9a5cd74310756c975ce7cf
-
Size
163KB
-
MD5
911e66524f9a5cd74310756c975ce7cf
-
SHA1
560e3441ba41ba22652d8200ce57f17a9e1ec5c4
-
SHA256
9460876404af1e8aed0eaec4cb29b37631db3c9038d5dd2e6e2fdb3e60a8d0e9
-
SHA512
a92aff4f1095b67610f854e3f8be6fe11679ae0e38a8c0008d2fe493a05f1a613efb418bd8c42e36faf9498d8ecd15dc2f8424790ad5407c44fc184c996efbb8
-
SSDEEP
3072:KswLeUpdrYpctTXSERLK3pgotbLmMGWGLxsYrVd3ZephYrWttlUDzP:zwLjdMCtfRu5/tbLQrXpahHtjk
Score10/10-
Modifies firewall policy service
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-