Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Solaris.exe
-
Size
11KB
-
Sample
240224-pwpdnabh34
-
MD5
cc22d55a559c2a6c1b5ae9196854f807
-
SHA1
d42cfb8f9a3fecfa4068c7728ee5d88b212ff152
-
SHA256
e58d50abb3c718b8c74b2f845a0face5a7efa830c321dcb7f6933d77bba29146
-
SHA512
a3b78a5ece9f74a18c3edf236ba7aa1fef17ea743eacea2211b4125f37435c667de48e175e389001bced71c562c3815348d9447421cf6b8748156cef9c8e868e
-
SSDEEP
192:528Jl0UT5X45wL0jGz0+8lQTaglJaumeVr1gDgIe5SPdF6e5z4dLkP:52A/lhz0+8Ma0zm59dV14dk
Malware Config
Targets
-
-
Target
Solaris.exe
-
Size
11KB
-
MD5
cc22d55a559c2a6c1b5ae9196854f807
-
SHA1
d42cfb8f9a3fecfa4068c7728ee5d88b212ff152
-
SHA256
e58d50abb3c718b8c74b2f845a0face5a7efa830c321dcb7f6933d77bba29146
-
SHA512
a3b78a5ece9f74a18c3edf236ba7aa1fef17ea743eacea2211b4125f37435c667de48e175e389001bced71c562c3815348d9447421cf6b8748156cef9c8e868e
-
SSDEEP
192:528Jl0UT5X45wL0jGz0+8lQTaglJaumeVr1gDgIe5SPdF6e5z4dLkP:52A/lhz0+8Ma0zm59dV14dk
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-