General

  • Target

    FileZilla_3.66.5_win64-setup.exe

  • Size

    11.8MB

  • Sample

    240222-29spfsgc2z

  • MD5

    540fefce358b49cfb2cb9bd79fd41466

  • SHA1

    4afe78500f48a615945d49f7f66d8f0d06b973fd

  • SHA256

    b5dc1c1a5d7112d19f225d14b0ba7e704994d619e6b2767be341cbeca885d933

  • SHA512

    959f0c48831b53407787d4dab2efa4ce43101b5dc6b6ad08379e6dd4ab3e272598f11867a3e08d89f06fed3e29212b088a94b99be7d20acbdc1cccc449bd2214

  • SSDEEP

    196608:BM/6Kzx2kWsnteSykEa6E5VsBW5k6usPly9sJKloJ1/DIZvX6Pa3Em6oakmMthbj:BM/6eQkfwSNgVyFglobDyYm6/kmQHv

Score
7/10

Targets

    • Target

      FileZilla_3.66.5_win64-setup.exe


    Score
    4/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      a8c86996c4230c2209f5927f21321377

    • SHA1

      45ce0ab93cb6a3a594e54878cce05df724024393

    • SHA256

      110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855

    • SHA512

      69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3

    • SSDEEP

      96:mIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/23lkCTcaqHCI:bhE+A0+sF6piUFkAylncviI

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      d458b8251443536e4a334147e0170e95

    • SHA1

      ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

    • SHA256

      4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

    • SHA512

      6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      1d8f01a83ddd259bc339902c1d33c8f1

    • SHA1

      9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

    • SHA256

      4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

    • SHA512

      28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

    • SSDEEP

      96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc

    Score
    3/10
    • Target

      $PLUGINSDIR/nsis_appid.dll

    • Size

      3KB

    • MD5

      19071761e91c43c115a16b52458869b7

    • SHA1

      75ddb807157f1aa31a08f87be0270f60990bcbbc

    • SHA256

      e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

    • SHA512

      bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

    Score
    3/10
    • Target

      $R0

    • Size

      33KB

    • MD5

      d02454e5e342d3f825b57137aa92a345

    • SHA1

      6dbbf9164a54963198affcbf4c5928fdd29afd99

    • SHA256

      b425a8e076dfccf9245d724d3a228500bf128aea9fb24795ee3c6020d2e9df6a

    • SHA512

      625ab607ce7c5e56a29ce9a8eef9dae0d92fc8ac947bb074ea8ad14bb40a6bb79d72c53f4c99a13e6dcd8054fdb95f0b93abcc246442bcccdf82168938e6d63a

    • SSDEEP

      768:82/5ZWpdwrGUxnyiehH/kZjGyxUUyg8GENAMx49:zBZWpvWaGj7UjNXxM

    Score
    1/10
    • Target

      $R2/NSIS.Library.RegTool.v3.$_80_.exe

    • Size

      5KB

    • MD5

      48b4f7d95dbff3dfc74fe3d9e41524b8

    • SHA1

      7bfc27a6eac4796029e841f9d5a61d37de6b34be

    • SHA256

      fc6f7befdd834ccf59aa660497f197d85776f3d95736337d1b9f4417e1db8d6e

    • SHA512

      c51d21f3d76d915086324ecaf54f6da7b4fcd2aec9161812fde63e70f6aa1b30709cc6ae5d30abfcfe9141edd6e9e44d49de83a06753cbc5d37ad0d658cc740d

    • SSDEEP

      96:qBg4ARDDMDQB4dtVfhxr+qOspqME3zpHC5:isDDcQWd/hxaq/sMsC5

    Score
    1/10
    • Target

      GPL.html

    • Size

      15KB

    • MD5

      11e176c5e0120ee94e365f999084bce8

    • SHA1

      a612f6d40d0d2ae045d80b60bce6fb6f81a811ef

    • SHA256

      f7e89c1edbbef8bc837b47c48113a2416f1af0cfc2b2218da39085465ea1045c

    • SHA512

      d0532df4fe5e995df49f3e58127f5fc9637fc4f1afbb29e92ad16897c1055f77963277f5143458b9a294d1c24559bc594e0ae5469271ece639c8e66a5555d5a3

    • SSDEEP

      192:tiMUzQS+LrQWJz6Z6q6pdPIK8kV6AWRzdbDaz0pmN1rMbkBJ9R8/CmBHf3KWkc:tZUz5irJq6jIuV6fRzd3c0pmbMCzRLw7

    Score
    1/10
    • Target

      filezilla.exe

    • Size

      4.0MB

    • MD5

      4851a345bfe906884e0aa95eaefd2a99

    • SHA1

      3ee4d00880c523a8de9aa2919c45ca36e45a5788

    • SHA256

      f23586077288f615dbc1bacf7b1ebbe4ae266d2e0e1e2b4bc2961762102719f7

    • SHA512

      437443490c76ae0dfcd3654e43fd86bd037e261ab4e1457a4eab8dfd0dd80173dfb11536ca2af6fa4d75fb0413793b97158f347778b7d79e2796416ec2bf1499

    • SSDEEP

      49152:pukt9OFd6BI2qQkt1B5LP8/QJBt9wyuaG7QI7UhQ0es5DIWhyR8VtS6JSIF+bcLY:oqQ2qdzRLS6JSC5U

    Score
    7/10
    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Target

      fzputtygen.exe

    • Size

      355KB

    • MD5

      f202d64a47456e50acba6dffef26c65c

    • SHA1

      edad917fb2e07fbdcc77ddd46b85cf268546bf0c

    • SHA256

      e71cf3010e46db0922f0c25251885d1317f2e695e3f7e4fecc035f0d3d987fe5

    • SHA512

      3eccc1aa9bdedff9c066409c0dccb4479af50afb3a9e0739b187ff5f930d17b92821f45bb31902c25146a1f301faf40fd7f0e02e512cf3449ee89c4a9a7cf57b

    • SSDEEP

      6144:Ltc5log92nfS9SNNRhyw6Hnsu69H8BoRZWszcMd4NN:pc5exn68fRhyw6HcH1RZxhd4b

    Score
    1/10
    • Target

      fzsftp.exe

    • Size

      647KB

    • MD5

      f0814b8ed97027f251cf76403e1a12ce

    • SHA1

      4db14cc3f41c9ef5f72aa975626a037b03dbfe9c

    • SHA256

      311488e3c21f1b3573bbe049f94d82135bb049a97128c26f2edded9ec6892adf

    • SHA512

      ea48e848748258182c1a8787697eadf8725906463ac78fdd7b2f9d111b7df1446ee54b7ac817e8b634cb8bd5022f98b5860aad11b407a7fd65fe22775ef56c83

    • SSDEEP

      12288:v0i9L2KhouhU7MhrxuJwfe4qKDVQn/d4aBrVA6ZwCOUQZbBz7G6lN:v0QL2KzhU7Mhr4mrqZ14apgUQZbBz7GA

    Score
    1/10
    • Target

      fzstorj.exe

    • Size

      9.8MB

    • MD5

      04edcdcdbae273e19e04ad0ab1116834

    • SHA1

      7ccf4f4652fd71a35ecffdcf8f45d1942dead43d

    • SHA256

      35cc8b5548b8b5de0f1a55afc515214df9dd109cc5133df686445d82b3ea31db

    • SHA512

      4a0a2bc84193f42f579fd58040bb4a598d6bffb5bb1ec61c2705fc080eae605938bd2aa0f5281ad5cb3deb46c69313c5bd06b0757cdc5cf4fa9f42fa99e8734d

    • SSDEEP

      196608:E474PITB45BLtG9sCkvf2C/2RrHxvZuNw5EstcMqkhYpuFQkce:R4PerWe

    Score
    1/10
    • Target

      libfilezilla-42.dll

    • Size

      891KB

    • MD5

      34a1e09147a3b5be04bdd3d549edd11b

    • SHA1

      f47cdbfa3719cc7897c472c8ba0a3591c63bb110

    • SHA256

      5a48633810356d16d96004f343df8b5ae361f2a170de9bf92cb94578e034533c

    • SHA512

      7800c94907aeec900175e8d37f5bf7f373c0c59f80c8982b843ffdae2c2cb6549aea2c271296a3bedafa08cf03fe1753659acb3244c57b48b959e24ef242a5a7

    • SSDEEP

      12288:yZ7Zr8KF3ksG0sn8d7cNV9MNCemcx1+C1PS0ZDu4POjjjSDtQjC4n/:y9ZrBvSn8VvNCeEz0Z3Pq/SDtQjC4/

    Score
    1/10
    • Target

      libfzclient-commonui-private-3-66-5.dll

    • Size

      611KB

    • MD5

      5e0dc1ec221d3a564be50e9e416bf43d

    • SHA1

      2b808c44c80b9ae6b9e4bf8cb27df0b8191577af

    • SHA256

      44b1d3616ad095d7d9ca23b3cc77e76c372ce65e5f568fe619990d34ccaaaead

    • SHA512

      34edc6cc998cd2f92278e5bfaceb73690fe3f01323ea136f2ecc8b157e8fc1dd252073682f8f225a8eabd6ae08c2314e8d454d183359fdef7cdae55ec78299bb

    • SSDEEP

      6144:rc1+MmxFlHVvQdpwaWJ8eho2e3zrJ2gLo4MVnmmaPyq8ub0LqDnK737xnE+/zMAe:umxFl1vQpSgJgjVmPPygUoK737++/z0x

    Score
    1/10

Tasks

static1

Score
3/10

behavioral1

Score
4/10

behavioral2

Score
4/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

spyware stealer
Score
7/10

behavioral22

spyware stealer
Score
7/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10