Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Setup.exe
-
Size
26.9MB
-
Sample
240309-n6pazafd75
-
MD5
f6d14262dedf30fe406a6a83bc285848
-
SHA1
8fcffcb218cb7b759a26c3125d03246c9eb60308
-
SHA256
9258d993b240a43e7c595db26b9f04a7e620a240a2ade29ab1daff528462a517
-
SHA512
51075d388a5c280c999c37d182de08e4989f8ad2af4bb02c012c5f0e5fe5be99ea5579e3adab6e29653798110f77af9c78328aca7e9ac4054b4a8753ca01cad7
-
SSDEEP
393216:vW3AUWON8SUpFLkl5J3TEaQMlPpSEh58UEmnoFDki+4Cs/nhKDX+m64qHIsn6P:+OOtUAljoaFfSAhr2Cs5KDXvqH3n6
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
discordrat
-
discord_token
MTIwNDk0MjY0MDY0MzMxMzc0NQ.G2mhX6.W77F5TMZuCC1U8GHoOD8TxwembX1ccz-N2lX0U
-
server_id
1205273351032143953
Targets
-
-
Target
Setup.exe
-
Size
26.9MB
-
MD5
f6d14262dedf30fe406a6a83bc285848
-
SHA1
8fcffcb218cb7b759a26c3125d03246c9eb60308
-
SHA256
9258d993b240a43e7c595db26b9f04a7e620a240a2ade29ab1daff528462a517
-
SHA512
51075d388a5c280c999c37d182de08e4989f8ad2af4bb02c012c5f0e5fe5be99ea5579e3adab6e29653798110f77af9c78328aca7e9ac4054b4a8753ca01cad7
-
SSDEEP
393216:vW3AUWON8SUpFLkl5J3TEaQMlPpSEh58UEmnoFDki+4Cs/nhKDX+m64qHIsn6P:+OOtUAljoaFfSAhr2Cs5KDXvqH3n6
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-