General

  • Target: Setups.zip
  • Size: 99.5MB
  • Sample: 240219-zrmpdadf47
  • MD5: 84e9ff08c30eae5780e9d5fee11b49fc
  • SHA1: 3850fbb6ed3e083c1ceba75a6ad751d7b650be2f
  • SHA256: 081ae5c21adb12d5661e6849efa6003d14f8be48256db982281d66adf956818d
  • SHA512: 336c6add22ee53f10e8465429b746c3cb09c5fd69eac54f862c34ad26e42a87b55bb49335a6457e72f866578959b65f907db368c21a47de141e7baef3a6803ba
  • SSDEEP: 3145728:VfmuZpJVB8zUS1Bod7vjmwpnFuijqD1s6bmXca:VeuZbcwS1aZNjODlbmMa

Malware Config

Extracted

  • Family: observer
  • C2: http://5.42.66.25:3000

Targets

    • Target: Setup.exe
    • Size: 99.7MB
    • MD5: 3d54a88bea517fb58ecb46f3d7f94777
    • SHA1: b51360050b9785d01484d3d7b5c9796f98a8a0d1
    • SHA256: 13dcfc1aa528addb278f703cd8fc7b0aaf8cbeb8242bdd0a070401099de854f2
    • SHA512: 92c68b0b329b80ef892ffa838dd94e6c9d10e48e0e6f8840b9933b777bfa50cf5ed1c0ddea2c74a3c27d05310087a33ebfcaa6d8df71e8cdce46eab703d4299a
    • SSDEEP: 3145728:qbzHAlMRvSvTXKX5U1LAcHbBlpmDHxc20Z/s:iTAmcLXKsxr2R4Z0

    • Observer

      Observer is an infostealer written in C++.

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks