Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    x64 beta.zip

  • Size

    168.7MB

  • Sample

    240219-wtfr3aac5v

  • MD5

    dd6c1b2995c77a00cda82abcd981f6ef

  • SHA1

    74544b5c736b8544a6b76991f83a8de788dc32d2

  • SHA256

    5dfa7816c521fa59c1e558ca48e39632257afa88b97b901160e2ff97ad63e681

  • SHA512

    bddea2d267a46cff218270bfb890be1d6c94b9c83a86c24a4d87f6560706f84b4beb2bb57a90f39832870cc622d38bde47659c59dce6cc96b160fc9d81c4c287

  • SSDEEP

    3145728:NkqcdhePd9JkGwazLJAZ1MrvNrrDe0/xcWFnn/0Wn4O7sgWBLXtMTpsAW3L:6XQd9ybazL+ZGVrDe0JTnn/0Wt7sgWZX

Malware Config

Targets

    • Target

      x64 beta/AntiBypass.dll

    • Size

      713KB

    • MD5

      2a4a33f9d45a5aada45f81e91278afd7

    • SHA1

      7cbf42cbf24219db0c97428a5099ba16cd88a415

    • SHA256

      c4eabfee8166163d5b03661d6af42c50734b39feba45fe54cfff7b315570d4d0

    • SHA512

      d6bf8eddaf83c2b5ce2d1a3e5a1666de22a370d468ecc9f0ef49b3e5e12eeabdb44315c71984135a24e9b53cd77b214d613aa00ce7cfeead5b6afb6d50a0e3c6

    • SSDEEP

      12288:RqKd5JFifKBFtgzbBky8fI5nRYZsHaBEyFot2wAp+Nrda7ESLqlF3YeYsSSFvO:lgKBFt2ORfIfdHaBEyFoBAerkAr6PfS5

    Score
    1/10
    • Target

      x64 beta/beta.exe

    • Size

      71.1MB

    • MD5

      fd87d8504bff1dd114e6ab4612b3670d

    • SHA1

      8b75489ddf95d5452ff48ec6324d4e585b4bb7c3

    • SHA256

      49291064e6fc7fe3968d7f2208823fca919d13e77129160689cca788a1fe80f6

    • SHA512

      d550f6ec0de45ef3aaca5bd0bb6d3f3870afc5759d7549d4a6714bf6c802d42dc5a4fed6bedd5d021475552e7bb785aaa8ee01c6e5721f6cc03b41707aaff89d

    • SSDEEP

      1572864:54/4rzOchPh5FmfnPd5I+fC3QVkh8w61pdvQNuDJ7:+kqcdhePd9JkGwazLJ7

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      LICENSES.chromium.html

    • Size

      5.2MB

    • MD5

      df37c89638c65db9a4518b88e79350be

    • SHA1

      6b9ba9fba54fb3aa1b938de218f549078924ac50

    • SHA256

      dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463

    • SHA512

      93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

    • SSDEEP

      12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZb:sPM95FCWStQj6ERs/mfMl6H0skDpS

    Score
    1/10
    • Target

      beta.exe

    • Size

      139.5MB

    • MD5

      809ca215de4598350eaeddb5a94ebbba

    • SHA1

      caccfadb6b96dc6155696f6309c3ea492078bb5c

    • SHA256

      0f702f8ac538e810649808f0d9b6000e1aa4360849633c0ed76ec36e2cfc8332

    • SHA512

      1521a30cf760277a24ed1446d29eb71af297582ac2d8b4546a322ec9690a8094963a194d7f2fdec65e2e59673c8f912557182e673af8d46cd29bd20989cdae36

    • SSDEEP

      786432:f14w5ThzHwQBgmoLWv+K18nCzKdo5DTdvfMQr6SSmPuvh8tSIW68:f14kpHwQjCWv+K18CedmVvEQEpcJW

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      d3dcompiler_47.dll

    • Size

      4.3MB

    • MD5

      7641e39b7da4077084d2afe7c31032e0

    • SHA1

      2256644f69435ff2fee76deb04d918083960d1eb

    • SHA256

      44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

    • SHA512

      8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

    • SSDEEP

      49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.6MB

    • MD5

      c3842fb3087cdcdb04020ac38683c289

    • SHA1

      329dbcd4a1c79b891b200f11eb50194b85c493bc

    • SHA256

      e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133

    • SHA512

      069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5

    • SSDEEP

      49152:JcMr6+FXptsXTmgP7he370olRK+KCKyRb+kyqVZWxX0b4unfruHw:RKer0olGyByEf8

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      437KB

    • MD5

      8352fd22f09b873193cabc2932be92f0

    • SHA1

      5bd2b58854b279f1733c5f54ea2669ee8a888d9e

    • SHA256

      14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c

    • SHA512

      7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

    • SSDEEP

      6144:odpiWYLBViWOSdAr1Knk2mI3LpxE0RYqowpW6VmHrtff1FI:ipvYLbiWBqrQnPxE0cKmHZ3P

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      6.7MB

    • MD5

      b6a433dc7b4030fb17bd1683a9606b6e

    • SHA1

      0602c50532e3f13facc67bd95a048c470e88afcc

    • SHA256

      f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9

    • SHA512

      b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1

    • SSDEEP

      49152:aYKj6OhH5vSqGZ/UUopyV+gsIm3H9VnT+EisbCQ12+Q6nUBnKJ/lwE2f9rgqFnka:CvSqGZaVoH9xz+TPYrijOxm

    Score
    1/10
    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    1/10
    • Target

      swiftshader/libEGL.dll

    • Size

      450KB

    • MD5

      19dc9ee70e7765bb63a66b6826e8ecb7

    • SHA1

      1a12f983f8b35cc2955d30657971f113c47dc164

    • SHA256

      83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f

    • SHA512

      1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68

    • SSDEEP

      6144:gFzcMPKWOp0q29LDwK3p3KHvDstVpphcSGbwSi6DH0hl:g2WOOqiLDrthhcSGnc

    Score
    1/10
    • Target

      swiftshader/libGLESv2.dll

    • Size

      3.0MB

    • MD5

      c0b36d56d83e601bf246f7709a8c5f9d

    • SHA1

      b025a6070f7d61c7d1827856d2d4043834fd23f2

    • SHA256

      45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53

    • SHA512

      e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1

    • SSDEEP

      49152:D0mOy4fytPTlZQPF/IBCfG/owBx8iqQyehF3Hn0gPD2vzFW/GyCbZpjGKiqZ/nYI:DgfyjyeelZ/YNg/Yr

    Score
    1/10
    • Target

      vk_swiftshader.dll

    • Size

      4.4MB

    • MD5

      de2d91476e625278c30a5f69a1892e05

    • SHA1

      4d707f6a801611fb437f5c1cba31b0909bf41506

    • SHA256

      02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba

    • SHA512

      d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532

    • SSDEEP

      49152:px2VjoakX4pb7QH1fUlTB7zmNmdpTE5NSomaZXYjLlHks2RPF/lOzl+LZ/n6du7F:K2DtJ+wixdag

    Score
    1/10
    • Target

      vulkan-1.dll

    • Size

      819KB

    • MD5

      b91586bd80e057a7f62bdc4422744812

    • SHA1

      a1df644421ece2e740e5bf0ed98b4f269fd85c39

    • SHA256

      8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02

    • SHA512

      94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

    • SSDEEP

      12288:ekyJJLfcn5To6PuXtLvEdGnZSss43uobIoD:JnhoR5Ed8S2ukD

    Score
    1/10
    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      424KB

    • MD5

      80e44ce4895304c6a3a831310fbf8cd0

    • SHA1

      36bd49ae21c460be5753a904b4501f1abca53508

    • SHA256

      b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

    • SHA512

      c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

    • SSDEEP

      6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

    Score
    3/10
    • Target

      x64 beta/dependencies/2024-1-12/auth..bat

    • Size

      6KB

    • MD5

      8825cf897e698ebbdb8c707bb39d73ca

    • SHA1

      dcece549ce6ed0b24ecc1faf80280c225bdcccae

    • SHA256

      b332d0f81de5a8eced6109033f05192e2aa5ca3ed0a523367428813924a9a28d

    • SHA512

      e3c63dda17128929108ff5492364b4d2df8126f2a8c17d7384ba9f7b0651aec72c11681dd7196f2eef7d693b9b3165b96fc05c98afc40fab9252ef2c7a26e3f9

    • SSDEEP

      192:sYHAivgiRwe5f11ATNLCAtMT7/4+tGs1PP/uQz8tz1hNn:8i4iRwe5f11ATNLCAtMT7/4+tGs1PP/M

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
7/10

behavioral4

Score
7/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
7/10

behavioral12

persistence
Score
7/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

evasionspywarestealer
Score
8/10