General
Target: aa1e3f7b1f83b009b871b23fd6c38f5f565a1c4eaaba46183927b1117db916c0
Size: 297KB
Sample: 240325-q2ft5shg37
MD5: 4d6e9c7274a25f8a3c4bd17f6ec08a8c
SHA1: d10eeb950d8db466e57c557918f9f9d50ee3f4cc
SHA256: aa1e3f7b1f83b009b871b23fd6c38f5f565a1c4eaaba46183927b1117db916c0
SHA512: 51975c4122958b0181e0e4d13c340df3bc4de645346855574b4bae73f9d5a1862331d9dbd10b1e9b5bb5f8505b43180a7c08a9c31b9497fe5d1ba6512280ca11
SSDEEP: 3072:dPeXm6alymR9ywg3Eyx+F1IMHcxWd2C6Doq0l0vDBae1S2fBCqz48co9/ydzUtmH:Mm6aldWwg3c1IM8xW1vGzBDptCwtY/
Static task: static1
Behavioral task: behavioral1
Sample: aa1e3f7b1f83b009b871b23fd6c38f5f565a1c4eaaba46183927b1117db916c0.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
stealc
http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.