General

  • Target

    NSFW_Generator.zip

  • Size

    13.6MB

  • Sample

    240228-kcy2jafc51

  • MD5

    13d393059d3aad115b1119cdb7389a32

  • SHA1

    bc7c89aacacdf0027e6274312dd0f4f4ee5d21c4

  • SHA256

    8a714538823fc5e4cdbec6114c6d30fe3ab2eb2b557b81de4c59e073c85aa765

  • SHA512

    6eb50b0ea1ead56752da0d569e6a0ebffa69d8693675084522800ecce6754952d590f5179bc087b340ba935ebffcd214d961f9a2b30891cf812f6d1537ede2b9

  • SSDEEP

    393216:+ntaFcUCtjef0WtDLC3nz4zJFCU0+sSqHF3cVGhF4FvGsc:q8FXCtw0Wtaj4Pr0HSqH6AQvFc

Malware Config

Targets

    • Target

      NSFW Generator/NSFWGEN.exe

    • Size

      13.8MB

    • MD5

      638d136547ece9e4f282d62aa6562a07

    • SHA1

      19ba1d25332fac7c3fe7bf0eae2ad3520fded5db

    • SHA256

      d7407d5dd0dca80aa9798ff6aaa10635474feab533b7e6db87d759abf69f1ee8

    • SHA512

      e1c2f4a6ffff124c5a7cece7a48be026f1098708376f3e03d46f2e8a0f35e05d223da05b78ef3417422d62ce9feaa137241b0f879b731f63b2c1cbaafebc3323

    • SSDEEP

      393216:hiIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57F1bmXdWCNx+:O7r5DawW+e5R5oztZ026e5XkVN4

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      NSFW Generator/start.bat

    • Size

      17B

    • MD5

      7832b275978713ff3c40544308894cda

    • SHA1

      981608258b7ca6860bc90981321716d167884302

    • SHA256

      fa52f3a6d700af1047bd644f48985baa147256b612cc0751968cc3e0715c69c1

    • SHA512

      d77c0216f1a4e7dae6b417c3c1e3339fce4cf30b112dc8251011ebb82ad489b2366e71699323af14e72c96a4793fc5bb86a22b6bb723d2302cf5e6712a3cac85

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
