General
Target: F51D69C196B61F96B9C0B857B318D47D.exe
Size: 104KB
Sample: 240304-ryjmasdf76
MD5: f51d69c196b61f96b9c0b857b318d47d
SHA1: 5b1fbc4eb4430e320d56984a0d315dc2eadef5c2
SHA256: 6a46894366dca550d9e1595d8b87db420d8a96c7b542b35103f8453289d448da
SHA512: 67737df9161b9cf14ab01dd24f867494fd74821f65e00ceeec4fd51993f0ff8f305c58edfd63d74a6506fb162c0b4473a0998c87aab22f0e3f8e792ea044e3f1
SSDEEP: 1536:+m5I/q/5+CyqT3AD/DulW3LWBf+uUNjqaLeO1x9uRYuITv9gEFs7kzb5vRs/nt:DICB+C/lW3LWBfAeOB8XcgEvh6/nt
Behavioral tasks
behavioral1: Sample F51D69C196B61F96B9C0B857B318D47D.exe, Resource win7-20240220-en
behavioral2: Sample F51D69C196B61F96B9C0B857B318D47D.exe, Resource win10v2004-20240226-en
Malware Config
Extracted family: pony
C2: http://myetherwallet.kl.com.ua/1/web/gate.php
C2: http://myetherwallet.kl.com.ua/1/web/path/gate.php
payload_url: http://disk.karelia.pro/0W5vZoi/svchost16.exe
Targets
Target: F51D69C196B61F96B9C0B857B318D47D.exe (104KB; hashes as listed under General above)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.