User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

General

  • Target

    WeChatSetup.exe

  • Size

    213.9MB

  • Sample

    240316-mgtzgsba96

  • MD5

    f532bf00404c7e1c85cf0beea77a8087

  • SHA1

    2e4b7a89c9dd6c94b0e2d1c4590647dac1db6e01

  • SHA256

    f6de40a0e0c5b51daa70456189d10f7fc1e7dcd36168cf8afcb17035efda6686

  • SHA512

    660a0f9e3d67cda569b1f23bf58704f88fa3954051ea54bcd45809572da131421cb54a799b2a09f8904b079aa62a2116525d07514780bdde50c5772dcd0cecab

  • SSDEEP

    6291456:WGQuGyvvAlDNxMPt28nxoW94yGGGQnJGSEDeS:WSGyv4lDXORLnJ9LS

Malware Config

Targets

    • Target

      WeChatSetup.exe

    • Size

      213.9MB

    • MD5

      f532bf00404c7e1c85cf0beea77a8087

    • SHA1

      2e4b7a89c9dd6c94b0e2d1c4590647dac1db6e01

    • SHA256

      f6de40a0e0c5b51daa70456189d10f7fc1e7dcd36168cf8afcb17035efda6686

    • SHA512

      660a0f9e3d67cda569b1f23bf58704f88fa3954051ea54bcd45809572da131421cb54a799b2a09f8904b079aa62a2116525d07514780bdde50c5772dcd0cecab

    • SSDEEP

      6291456:WGQuGyvvAlDNxMPt28nxoW94yGGGQnJGSEDeS:WSGyv4lDXORLnJ9LS

    • Score

      4/10

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      492KB

    • MD5

      633625aa3be670a515fa87ff3a566d90

    • SHA1

      de035c083125aef5df0a55c153ef6cc4dd4c15b4

    • SHA256

      bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

    • SHA512

      3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

    • SSDEEP

      12288:LAeafIS4J8anXexYWGRhvgbTu4RJ6//sCMUx:04J9/WGRS33+

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    • Score

      3/10

    • Target

      $PLUGINSDIR/WeChatInstallDll.dll

    • Size

      3.6MB

    • MD5

      2acb0c1f4f388e1dd5be9a01c9593185

    • SHA1

      4700a4c989ef847f0bf39c907d08968003ec5942

    • SHA256

      749fb2d7f65cfad8928a842d1103c22dab3239296472947798504b15858422ba

    • SHA512

      fcba0b51326ead208db123c17118c452082fdcff9379328c5b4c0825d4039de80932cab8c38a2b7f95955907ce1a92bba4021e7e48bab7988991088cf7189f7b

    • SSDEEP

      49152:OGHSauEm8jA+ZojaXvP3WW43XOYlZiz2yNyc0yfgWFbxq/WPyZuTJGeXMK+u80e8:OGHSabb7ZB/P2l+0yfgO0/FZPeV+d03

    • Score

      1/10

    • Target

      $PLUGINSDIR/nsInstallAssist.dll

    • Size

      192KB

    • MD5

      28b411f3793dbcb81d6f3d3b0527cdba

    • SHA1

      7614310be1231850e811a818f58ee8b54ae9ceaf

    • SHA256

      0281e384c94cad29fd8279c1855f671c2dd1f7772cf5645f573dd1df2b3bd127

    • SHA512

      e5c9f21e9838eca54a8ededb1bf279453e116b6cde629a75ad057b6438deec6bcacf6e27a81c8aa0fc732f26dc28cee7a006ba6d68c08846b92937e388349d78

    • SSDEEP

      3072:tYglJRVqBh6wpVwGs5m5tEA346FO5F3zyY7IZGptOq5LSx/tcDa:FdqBhbWCuFpyq5SXya

    • Score

      3/10

    • Target

      Uninstall.exe

    • Size

      1.7MB

    • MD5

      65a8d4d556099f4a62b3ab141034f38e

    • SHA1

      38d2ee2b7a2c363cd99ab46d03fab2b87ff00d9e

    • SHA256

      caff82547f14b0afff408cd83625321ad00c5145d9086e7f5c74c6ca10899f54

    • SHA512

      f3ad2c0fb2d78551f6a65cbd4aae6a3ea5f3653e4456ec9fb4aa36ab299fffe9712acb3da91b272f9cef7f2d7216e38a9685d9179bf72f6f9cae6cebc5d8f8f5

    • SSDEEP

      24576:0GTJPUbMP326XBoBBYHsIfDczcu5IOQ6LbitlK3cBD5Mm1cBJkkMG5pOVUWjPSdD:FI2G0oWMIoVljGG3aqmQkk9OOpt

    • Score

      4/10

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      492KB

    • MD5

      633625aa3be670a515fa87ff3a566d90

    • SHA1

      de035c083125aef5df0a55c153ef6cc4dd4c15b4

    • SHA256

      bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

    • SHA512

      3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

    • SSDEEP

      12288:LAeafIS4J8anXexYWGRhvgbTu4RJ6//sCMUx:04J9/WGRS33+

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    • Score

      3/10

    • Target

      $PLUGINSDIR/WeChatInstallDll.dll

    • Size

      3.6MB

    • MD5

      91153d3fc0b835b072aeebc4d8837faf

    • SHA1

      1e1e524be7c69077229973e385c447d9692ad937

    • SHA256

      a7971bce47584535e9033f9d72d8f6f386c7d8deef3b93e11de50cf9574f7413

    • SHA512

      2b49c6d701cc6f0d25a81258dcec2159ab3ea30389d18aadcc486c540f5daf6adedf998def1bf5c5fb4a5712755dbca710387c862a89138b23ec081682e835ec

    • SSDEEP

      49152:IBTaBlUSRRWRgyuHaLF12pv55EW4AXO/hPsQIYmSXyfgY2YBlWPRGtTLJMK+u8GJ:IBTaBzIguwv/ShTXyfgClmG13+dTW

    • Score

      1/10

    • Target

      WeChat.exe

    • Size

      644KB

    • MD5

      66eb21741ecfc2a8a53a24d65ec7a40a

    • SHA1

      6d70532a0b9a1012da004bb78461fff8d9845253

    • SHA256

      64cd27f902fdf3e74c2ed74f7640ec000441ef46daffa20416da582e751b18a8

    • SHA512

      47289021ab9543a30a2ab647f42619cba048be9c03f4b8c6fbc888bb7167c0cd8868e482114874c0b6c8f02dc48b6e87d22b1c4f04e53a0d20b62897199955be

    • SSDEEP

      6144:GYEMF2LJ65kzLpKhlD24mjLrTeXivA29PR7YK:GYEtLJ65kzLpA1VOr9J/N

    • Score

      10/10

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Target

      WechatAppLauncher.exe

    • Size

      612KB

    • MD5

      08e35f062f4ab4583e683360fda618c9

    • SHA1

      69278dd8903ab811e5475d3cbe3ffa64f337fc96

    • SHA256

      19ba49900886740468c8b42c3137554a72348cb9c7f197283ea05998313ab667

    • SHA512

      14380cea0ec17daf79395cb36866b0cb44a05dcc1e1a21198817b20f949841ece07e7c17b0a91c1a35d2e97cb853e9842d1efda5fc235fb2d3404a7ae3c01e9f

    • SSDEEP

      6144:1M3AikYL7twGMx4s0eBRWZp2QGnvY4lgNt:1CAi3Y9VBgZp0vH6Nt

    • Score

      1/10

    • Target

      [3.9.9.43]/ConfSdk.dll

    • Size

      1.3MB

    • MD5

      b469a62b38b18869c3146b16652f7cad

    • SHA1

      eba667eae4e894f9fbf1d67fde6665349480d27f

    • SHA256

      cf6e5dd1dbd3e1963279aa5120adb2fb544817c3f74a2819ccbaa3c27773ffc6

    • SHA512

      a5502bc2e09f218d3948fffe70e71cc7ec654e031f71357a78f06077a567b5a06d10879e2b1f4d4c96a4b56ea777e762ded457f33260c1f1f8f0a6718710141d

    • SSDEEP

      24576:Y3Yptx6ZMFT8wnorDnD0ADl6dWmHc240YGr0fJIp:YjSFt46dWmR4zGrd

    • Score

      1/10

    • Target

      host/wmpf_host_export.dll

    • Size

      1.8MB

    • MD5

      557263e28dc6c1416cea8b43a9a47282

    • SHA1

      bb2306ef4e99dc0b10aa8ab51bb2872ed2a5d45a

    • SHA256

      d40ebacc2c08b72aa48dbe613ef2bc4cfe65bf0fcd63254239308fc4ae0eb226

    • SHA512

      b8fd24c566d770a452ecb5d227ccfe2ae8afc37d1c797d064adda63ec34a606c3ac882b2a366e4828c5c4869e249e2cf9dd9852185d63da9ff4bfc6c71c3d686

    • SSDEEP

      24576:e+JpOhdC4YyHBU8p4aolR7esO2YgdlnL6tO/MbcTuMilTfYR01Is0B2o5pvy82+f:kC4YyHBP4DesjgsYOmP0B1i+

    • Score

      1/10

    • Target

      host/wmpf_host_export_x64.dll

    • Size

      2.2MB

    • MD5

      e479c9b7f445f62e512dca0b671fddba

    • SHA1

      20a0df44d91a5e3b9bb8e422946f343d4f82df61

    • SHA256

      c9c85a4136cfd3a06cf15d1fa59e0ae0343cab03986bec5cf4456402d8eb3b3c

    • SHA512

      0a1606ec5a794f1c1b4b28e3161cc142999d09f4bc8ffbd241b4c42bba562048a0653857ae1b2f70cde6691e7ce4b78a2201fbf540c3ca4c64a4f64d7887b1fe

    • SSDEEP

      49152:nQPPNAKvIm0DEcv5Qx5XBPo7BxBZGY4R24FmwK74vSeTtc:mcDEcvuqP4rzK70TO

    • Score

      1/10

    • Target

      runtime/ComponentVerification.dll

    • Size

      179KB

    • MD5

      2d39b287fc2e07a9f26620c5173b41b8

    • SHA1

      5cb471dea1a7087f5b6735ff8f43f9f27d32a061

    • SHA256

      28e883c76d68de23f0a2aaaaf8458e490c54d6874e33594b8fbf7e44f099270b

    • SHA512

      6e37dfa78c40ce8fd58edf237cf26c4d100f19970fdda8c0cb2cb95718ebba284c1e1ea481335f8270b9ecf015757f206b74de6c83a5c7e409e89b214abb064c

    • SSDEEP

      3072:KdnhUaZ90uRBfBFS2AFtKccB5n0piJMYbomgXuxlT4y:Kh3BZFF6t9c3nK6Oy

    • Score

      1/10

    • Target

      runtime/ConfSdk.dll

    • Size

      1.2MB

    • MD5

      c21a0198c2c75b325b8fd1233ba6984e

    • SHA1

      fc0442083b7c165b97efb8018cffa0c78ac50a8c

    • SHA256

      f9c904746a447a25f2e7815448e69a5c29dd2c207962df208916d3e52e2ae888

    • SHA512

      d34a74715ef8c86b05b8802882a77265d71249f00fa4e9b850322465747fda2fce8e6a56bd1aed3ec99ef5957cb192e487f51fb0c575bc07fc7b532e783be0e3

    • SSDEEP

      24576:ND9Yx6VsUPUN3onEeV47fI+jF5Sw9Y3Cj+j+xb:NKgwagQMF5Sf3oL

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

vmprotect, meduza
Score
10/10

behavioral1

Score
4/10

behavioral2

Score
4/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
4/10

behavioral12

Score
4/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

meduza, evasion, stealer
Score
10/10

behavioral20

meduza, evasion, stealer
Score
10/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10