Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2222.exe
-
Size
227KB
-
Sample
240205-m5ff1agcbq
-
MD5
2d609a4bb5b23b1811bf7f18c8d86504
-
SHA1
b3c21506848edd61dcc21e71ecbba740a9929f5b
-
SHA256
419f948e7da8922465cefdda7d2a6b86adf6a6165c8bcf79963e5b2fd8a8f7d5
-
SHA512
a73c96bba173c30e64a6d49a9da26b49fca44828f7d3aaa14d4070d1b55b0d0a891e3ba42565c6e94d4ebf085cbb6742b7f5c6956d1019d8fd4cdf07d13953e0
-
SSDEEP
6144:+loZMorIkd8g+EtXHkv/iD44Z44KInDAvZMK7bCpHb8e1mp8i:ooZHL+EP84Z44KInDAvZMK7bC9qV
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1204001041151164457/58E_8BYTbBaL7TinEq1fpWbHhcPMLkT4TgEE7gNN2nbqFlJil4PT-CZHLYhATtVyr6XM
Targets
-
-
Target
2222.exe
-
Size
227KB
-
MD5
2d609a4bb5b23b1811bf7f18c8d86504
-
SHA1
b3c21506848edd61dcc21e71ecbba740a9929f5b
-
SHA256
419f948e7da8922465cefdda7d2a6b86adf6a6165c8bcf79963e5b2fd8a8f7d5
-
SHA512
a73c96bba173c30e64a6d49a9da26b49fca44828f7d3aaa14d4070d1b55b0d0a891e3ba42565c6e94d4ebf085cbb6742b7f5c6956d1019d8fd4cdf07d13953e0
-
SSDEEP
6144:+loZMorIkd8g+EtXHkv/iD44Z44KInDAvZMK7bCpHb8e1mp8i:ooZHL+EP84Z44KInDAvZMK7bC9qV
-
Detect Umbral payload
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-