General
Target: 285e3fe042f687b463de137779ecb33d.bin
Size: 1019B
Sample: 240319-bsdk4ade87
MD5: ac0716a48beae0b886c1f9523cff8660
SHA1: c82b15d9fcc9a5ff04288d42688956ed6712cedf
SHA256: 65a0a2b57b7a587cabaeee39e03cfe6639c8bfe727eea06062123a84fd1e55e0
SHA512: 2e7513277e0bb080b59f7972c28a5203c948f10f5ad4bf7dfedf24848e4aaf9a227cdcc89fc835c32dd55df5bc02a827b3bc6cafb21db122ecf856d344302303
Static task: static1
Behavioral task: behavioral1
Sample: 9117d5485e8365053ebc055eec3a439df927985113bf15f4607daf7bc04c5b7b.lnk
Resource: win7-20240221-en
Malware Config
Extracted: http://92.246.138.48/qqeng
Extracted: amadey 4.18
- install_dir: 154561dcbf
- install_file: Dctooux.exe
- strings_key: 2cd47fa043c815e1a033c67832f3c6a5
- url_paths: /j4Fvskd3/index.php
Extracted: amadey 4.18
- strings_key: 2cd47fa043c815e1a033c67832f3c6a5
- url_paths: /j4Fvskd3/index.php
Targets
Target: 9117d5485e8365053ebc055eec3a439df927985113bf15f4607daf7bc04c5b7b.lnk
Size: 1KB
MD5: 285e3fe042f687b463de137779ecb33d
SHA1: 8b3aa13104920abc0eef34d720058f9ac120a680
SHA256: 9117d5485e8365053ebc055eec3a439df927985113bf15f4607daf7bc04c5b7b
SHA512: 9f0aebf5fb225623e8a9f2e7ecf7bed5b5a44b6c78076b1b4551e1e3ed73e8ebc8dbd276c4d07c2aa4b665273c26b3bdffd839252ca82f1e5f6e4b94a69e4e04
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext