Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

yba.zip

windows7-x64

1

yba.zip

windows10-1703-x64

1

HtmlAgilityPack.dll

windows10-2004-x64

1

HtmlAgilityPack.dll

windows10-1703-x64

1

HtmlAgilityPack.pdb

windows10-2004-x64

3

HtmlAgilityPack.pdb

windows10-1703-x64

3

HtmlAgilityPack.xml

windows10-2004-x64

1

HtmlAgilityPack.xml

windows10-1703-x64

1

R34Downloader.exe

windows7-x64

1

R34Downloader.exe

windows10-1703-x64

7

R34Downloader.exe.xml

windows10-2004-x64

1

R34Downloader.exe.xml

windows10-1703-x64

1

R34Downloader.pdb

windows7-x64

3

R34Downloader.pdb

windows10-1703-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    yba.zip

  • Size

    304KB

  • Sample

    240325-xjwafafg78

  • MD5

    2899b86907ac87d38c1e1447285722a5

  • SHA1

    03f0f34a68e04666dab6e7da2cf5150f33ca4057

  • SHA256

    2864b88797bfdc043dae9c5367e7f1c36e3070868894af856ff489079a0a483c

  • SHA512

    807c5badf8e7dca62a2695132024adc6483733bbfadf2397d4cac256ddc25cb5245700f91ddb3691b166321dd3589d463717c8512b26ec6e775929e1cd1d8f59

  • SSDEEP

    6144:mGiPYprF1yHmCSqti0yE9g9etqkTQm3K09nD4jTDeH0sVPUQFUDT:jcYyGCSciz8tqkx3B9ncTDeUqxFUDT

Score
7/10

Malware Config

Targets

    • Target

      yba.zip

    • Size

      304KB

    • MD5

      2899b86907ac87d38c1e1447285722a5

    • SHA1

      03f0f34a68e04666dab6e7da2cf5150f33ca4057

    • SHA256

      2864b88797bfdc043dae9c5367e7f1c36e3070868894af856ff489079a0a483c

    • SHA512

      807c5badf8e7dca62a2695132024adc6483733bbfadf2397d4cac256ddc25cb5245700f91ddb3691b166321dd3589d463717c8512b26ec6e775929e1cd1d8f59

    • SSDEEP

      6144:mGiPYprF1yHmCSqti0yE9g9etqkTQm3K09nD4jTDeH0sVPUQFUDT:jcYyGCSciz8tqkx3B9ncTDeUqxFUDT

    Score
    1/10
    behavioral1behavioral2

    • Target

      HtmlAgilityPack.dll

    • Size

      165KB

    • MD5

      7939c27033a7c0e80022a788c537275d

    • SHA1

      df3260a60a4223bd0666d1d13b15fb4e4bc78af7

    • SHA256

      37e643b9ef95d1fb21de79ad0b19825fc15aaaf43232c15e030e4c3bdba07714

    • SHA512

      798cd9a213ad3750521cd6ec2fc4e4806c88db50e9c30a6809f067c3a063731d08b67dc9662aa3572aa40c3ba5a037aca7b590f0d9b4214d4ab256525af6d6b6

    • SSDEEP

      3072:VKAQHsluAGimooRjc48chGlj6q3BEkMGNhYAFBZeihwFvWq:xFluAGMo3slTBEkMiqb

    Score
    1/10
    behavioral3behavioral4

    • Target

      HtmlAgilityPack.pdb

    • Size

      311KB

    • MD5

      96c558a3508bdbe7eaabc84e50078e88

    • SHA1

      0a51832edd44061546afd14aff8c73919b324a45

    • SHA256

      39321f884f2a293df319da78523a1e78f799dd332b91f0bbb069b7db3e7422c7

    • SHA512

      2ccd5ca1d1733256bb2a9f81bff55cb4461e0429732db29b21949436d417a489a9feacf8f7d27dadeb70d26c6f066811a60599c25e5937783825c1f242ad509e

    • SSDEEP

      3072:FvoVOvLHMh1XEX9977p/SjdR80j4+5R5n15JDwK6R:ZvDeE9977ZYn88R5n15JDwV

    Score
    3/10
    behavioral5behavioral6

    • Target

      HtmlAgilityPack.xml

    • Size

      166KB

    • MD5

      ce89f35571a6c068540c8304a67b9edd

    • SHA1

      ad8d5bb8b1b8da70db339172b0b7876c9e8bc3e7

    • SHA256

      6b1d3cf2235ba91604d87716f9e054c4eae5e68a199afbeb18b844235d8654d6

    • SHA512

      81fc934f55c692a38a1cd4ba7a0a2c041160c10e4fa509aa369d180632db22c21bfe88ac6bf32791baabbf20ee83656c3a66178d8eaa3227e24f6a50d09d7af1

    • SSDEEP

      768:k89NigjbzmiP+x9qLcIfinUY6LUznShCEFrs1eZ9t5CRvGmwSIYusFlQ5DQJFL5d:j9NiQuo+xzVaSIsFlQ6zhoa0vtgVLu4V

    Score
    1/10
    behavioral7behavioral8

    • Target

      R34Downloader.exe

    • Size

      158KB

    • MD5

      f3b50da1d75b2dee573cc2e1f688abbf

    • SHA1

      63eac63f1df81e524aad02a4a0565d898986bc88

    • SHA256

      73c219843a415eca74ac97ff9270575dcdbacf8752186e3558934ff3cbc26ab3

    • SHA512

      920f803bc3ff60ebb306b2fabcc25ae3609411170ef23eb5cabc1c31027cb913f717441c584e477bfcdfe40d57b4c4c3880f3ca01c41000d351096dc794ef106

    • SSDEEP

      3072:9h1C9tcTh+zhkGqPhUrqx6gwd0S4vHKjpNP23qQ5CGgzWPtqjs1d:9h1RTUzhkGEOrqMbd09vMNPFQEGgzMb

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral10behavioral9

    • Target

      R34Downloader.exe.config

    • Size

      915B

    • MD5

      db7d07e833ffdf19b25932cc50938b3b

    • SHA1

      3d2065309f72e2769fb847467e36fc94b7c3ed25

    • SHA256

      e1d3202695e25f899eb5e688c29b584659d7b4234e64a6f85ee8911982dfcc88

    • SHA512

      3020b517eddd8c8b518a13a4ce11262739e193f8e4fc2331cec5f16d3be5a263dc69a7cc2fb56e1e756d968cba869eb3ce56d52bb4f210cae34586ab64356c0e

    Score
    1/10
    behavioral11behavioral12

    • Target

      R34Downloader.pdb

    • Size

      59KB

    • MD5

      0f52dae19cfe07fdae33b39b08c9cfb9

    • SHA1

      e451bc0416d7f6922e2df466d25032bded12998b

    • SHA256

      b7fd6d33b52a4f78bc53de573e792515e6b5ac28cc5c0a01c42effae0e624375

    • SHA512

      725822632938ac03ab738a37e8cce76443aaac8466c5aa207b785e7bc95c735257ea7dc621ec18026248c496e9b42312de13a42e55c40aa7e88383f160387d9c

    • SSDEEP

      768:K92uPG8nzvnfyOnyDXtDfF3B7HZ1H5vfGouZ1mEduXjaA+L6gYLt5pXNtJX7lHOc:KIuZ1mEduT1+Lgt5hNtJLlHOUp2

    Score
    3/10
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks