Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Neverlose.exe
-
Size
9.3MB
-
Sample
240311-tglfnseh8x
-
MD5
9726e7377e9543885a2c4754381822bb
-
SHA1
0fd62ed358743ed8b3b94c35cbc72443f4d5c0ff
-
SHA256
66c2261a63363e5f2fea7d1232f86b9861eda79f187d31a2d19663e874ce4c9a
-
SHA512
848a004a172bd0d2280bfb0544552638060c8058a70f0ad55bae12e0836a0985ea0f886ef2923e4fc538fb40b00dd19d9832c7cc37c5c5a9f00e98a047992a5d
-
SSDEEP
196608:stDE8bCA1HeT39Iigw7vKub75bcjWgb66e7GGSEezfqAkjUWlRH2W:p8n1+TtIiF7vB5IjWq66eclzw92W
Behavioral task
behavioral1
Sample
Neverlose.exe
Resource
win11-20240221-en
Behavioral task
behavioral2
Sample
NeverLose.pyc
Resource
win11-20240221-en
Malware Config
Targets
-
-
Target
Neverlose.exe
-
Size
9.3MB
-
MD5
9726e7377e9543885a2c4754381822bb
-
SHA1
0fd62ed358743ed8b3b94c35cbc72443f4d5c0ff
-
SHA256
66c2261a63363e5f2fea7d1232f86b9861eda79f187d31a2d19663e874ce4c9a
-
SHA512
848a004a172bd0d2280bfb0544552638060c8058a70f0ad55bae12e0836a0985ea0f886ef2923e4fc538fb40b00dd19d9832c7cc37c5c5a9f00e98a047992a5d
-
SSDEEP
196608:stDE8bCA1HeT39Iigw7vKub75bcjWgb66e7GGSEezfqAkjUWlRH2W:p8n1+TtIiF7vB5IjWq66eclzw92W
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
NeverLose.pyc
-
Size
174KB
-
MD5
bd1f23aeb1a7010f7df8ec97a7cf320d
-
SHA1
9c65376c9af2438c145ebe7242de93515cb1aaf7
-
SHA256
24205ef534e6c5d955c8b72c3e2e12e02a333947c000cb98e9aee05b858008d0
-
SHA512
a9a2f09dc3f2dbc014355065bd9a5166b11b6763d26d0f19b376282a51eb4c8f5b48ded488ce780152d08e9fd208e9870b990778c5ceee1d50aaceb366580141
-
SSDEEP
1536:R8sG5CVMtbfxAjNzCd29+6eGIWVBGWwiNZjkinOx2boGx/jOYh9vPiB9FBgxjhad:RwxH2peGICGWrOsoGx/j5HHm/XlTmlmf
Score3/10 -