Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
UNBAN TOOL.exe
-
Size
8.2MB
-
Sample
240219-jf78yabc29
-
MD5
97778110381424d20652bf10ce2de05b
-
SHA1
ac55a587889dc1667e40f96533d7715beb1bdad6
-
SHA256
6b26d8412e6b4a854e3293864ba8220afae9187f6153882df4fba9a776236351
-
SHA512
570b4be26c26613e76b454c5b78ebb8716e840067e5422af2c5221f4c174c1661c1450ec69b8430c234b047180358768bca98fb965c2f59be226b4427fe66016
-
SSDEEP
196608:V7Ek++kdidQmRJ8dA6l7aycBIGpEGo6hTOv+QKfJLg:NEkcidQusl29foWOv+9fJc
Behavioral task
behavioral1
Sample
UNBAN TOOL.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
UNBAN TOOL.exe
-
Size
8.2MB
-
MD5
97778110381424d20652bf10ce2de05b
-
SHA1
ac55a587889dc1667e40f96533d7715beb1bdad6
-
SHA256
6b26d8412e6b4a854e3293864ba8220afae9187f6153882df4fba9a776236351
-
SHA512
570b4be26c26613e76b454c5b78ebb8716e840067e5422af2c5221f4c174c1661c1450ec69b8430c234b047180358768bca98fb965c2f59be226b4427fe66016
-
SSDEEP
196608:V7Ek++kdidQmRJ8dA6l7aycBIGpEGo6hTOv+QKfJLg:NEkcidQusl29foWOv+9fJc
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-