General

Target: 76dcd11160dbe6f680c61a8e6bfb2199a6b1e63de3475ac11e01987cc2613fb6
Size: 400KB
Sample: 240327-ke9k2sbe3t
MD5: 11e20aa257ca42b9c2542ca924e1a6e8
SHA1: 3fdf848f8a6adabd8a22fe15867fb298db79c1e2
SHA256: 76dcd11160dbe6f680c61a8e6bfb2199a6b1e63de3475ac11e01987cc2613fb6
SHA512: 7c6b46b1e7cc29bd5168f8b9b41a9d64eb6c98fe6f95dedcf6427afe179710f784895a02557b546d97669ce9ad6e471f9d14b9d867607f21ca8e3d272095ae97
SSDEEP: 6144:OlcU2rm3BeTtiBlMsHTlI/sCTaldjq5oUT/U3t53s7NJ6T93kAXLO2/Oo8aILP:LU2r+YTotZCYjYNo3tdkO/OxpP
Static task: static1
Behavioral task: behavioral1
  Sample: 76dcd11160dbe6f680c61a8e6bfb2199a6b1e63de3475ac11e01987cc2613fb6.exe
  Resource: win10v2004-20240226-en
Malware Config

Extracted family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
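The two values the config extractor recovered (C2 host and url_path) are the most directly actionable part of this report. The script below, an added example that is not part of the tria.ge report or of any Stealc tooling, turns them into a matcher over web-proxy log lines: an exact host match (no substring match, so a lookalike hostname that merely contains the IP does not fire), the gate path compared on its own so the same gate on a different host still surfaces as a possible rotated C2, and port and query string ignored. The log format and every log line are constructed for illustration.

```python
"""
Added example, not part of the tria.ge report or of any Stealc tooling:
turn the extracted Stealc configuration (C2 host and url_path above) into a
matcher that is run over web-proxy log lines. The log format and every log
line below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" section.
STEALC_C2 = "http://185.172.128.209"
STEALC_URL_PATH = "/3cd2b41cbde8fc9c.php"

_C2_HOST = urlsplit(STEALC_C2).hostname  # "185.172.128.209"


@dataclass(frozen=True)
class Hit:
    line_no: int
    src: str
    url: str
    reason: str


def classify(url: str) -> Optional[str]:
    """Return why a URL matches the extracted config, or None.

    Host match is exact (a lookalike such as 185.172.128.209.example.net does
    not fire); scheme, port and query string are ignored; the gate path is
    compared case-sensitively, as PHP paths on a Linux C2 would be.
    """
    u = urlsplit(url)
    host_hit = (u.hostname or "") == _C2_HOST
    path_hit = u.path == STEALC_URL_PATH
    if host_hit and path_hit:
        return "c2-host+gate-path"   # the full check-in URL from the config
    if host_hit:
        return "c2-host"             # any other traffic to the C2 address
    if path_hit:
        return "gate-path-only"      # same gate name on another host: possible rotated C2
    return None


def scan(log_text: str) -> List[Hit]:
    """Scan whitespace-separated 'ts src method url status' lines (constructed format)."""
    hits: List[Hit] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 5:           # blank or malformed line
            continue
        _ts, src, _method, url, _status = parts[:5]
        reason = classify(url)
        if reason is not None:
            hits.append(Hit(n, src, url, reason))
    return hits


def infected_hosts(hits: List[Hit]) -> List[str]:
    """Source addresses that contacted the C2 host itself (strongest evidence), sorted."""
    return sorted({h.src for h in hits if h.reason.startswith("c2-host")})


# Constructed proxy log; not real traffic.
SAMPLE_LOG = """\
1711530000 10.0.0.5 POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200
1711530001 10.0.0.5 GET http://185.172.128.209/ 404
1711530002 10.0.0.9 POST http://185.172.128.209:80/3cd2b41cbde8fc9c.php?v=1 200
1711530003 10.0.0.7 GET http://example.com/3cd2b41cbde8fc9c.php 200
1711530004 10.0.0.7 GET https://www.example.com/index.php 200
1711530005 10.0.0.8 GET http://185.172.128.209.example.net/ 200
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.src} -> {h.url} [{h.reason}]")
    print("hosts talking to the C2:", infected_hosts(found))
```

A "gate-path-only" hit on its own is weak evidence and is worth reviewing rather than blocking on; the full check-in URL or any traffic to the C2 address is what should drive isolation of the source host.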
Targets

Target: 76dcd11160dbe6f680c61a8e6bfb2199a6b1e63de3475ac11e01987cc2613fb6
Signatures:
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software on the system.
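The signatures above are individually common (plenty of legitimate software enumerates Uninstall keys); what makes them a stealer profile is seeing several of them from one process. The script below is an added example, not part of the tria.ge report and not the sandbox's own signature logic: it replays a per-process API trace and maps events to the signatures named above, then flags a process that shows three or more. The event format, the registry paths (HKCU\Control Panel\International\Geo\Nation for the location check, the CurrentVersion\Uninstall key for software enumeration), the wallet directory names and the trace itself are constructed for illustration; the "Downloads MZ/PE file" signature needs network events and is not modelled.

```python
"""
Added example, not part of the tria.ge report: correlate per-process trace
events into the behaviours the report's signatures describe and flag a
process that shows several of them together. Event format, registry paths,
wallet directory names and the trace are constructed for illustration; the
sandbox's own signature rules are not published here.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set


class Event(NamedTuple):
    pid: int
    kind: str      # reg_read | file_read | file_write | proc_create | image_load
    target: str    # registry path, file path or image path


# Assumed indicators for each signature (illustrative, not the sandbox's rules).
GEO_KEY = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\currentversion\\uninstall\\", re.I)
WALLET_DIR = re.compile(r"\\(electrum|exodus|ethereum\\keystore|bitcoin)\\", re.I)
PE_EXT = re.compile(r"\.(exe|dll)$", re.I)


def signatures_for(events: List[Event]) -> Dict[int, Set[str]]:
    """Map each pid to the set of signature names its events trigger.

    Events are taken in trace order, so "dropped" means a PE the same process
    wrote earlier in the trace and then started or loaded.
    """
    by_pid: Dict[int, List[Event]] = defaultdict(list)
    for ev in events:
        by_pid[ev.pid].append(ev)

    result: Dict[int, Set[str]] = {}
    for pid, evs in by_pid.items():
        sigs: Set[str] = set()
        dropped: Set[str] = set()   # PE paths this process has written so far
        for ev in evs:
            t = ev.target.lower()
            if ev.kind == "file_write" and PE_EXT.search(t):
                dropped.add(t)
            elif ev.kind == "reg_read" and GEO_KEY.search(t):
                sigs.add("Checks computer location settings")
            elif ev.kind == "reg_read" and UNINSTALL_KEY.search(t):
                sigs.add("Checks installed software on the system")
            elif ev.kind == "file_read" and WALLET_DIR.search(t):
                sigs.add("Accesses cryptocurrency files/wallets")
            elif ev.kind == "proc_create" and t in dropped:
                sigs.add("Executes dropped EXE")
            elif ev.kind == "image_load" and t in dropped:
                sigs.add("Loads dropped DLL")
        result[pid] = sigs
    return result


def flagged(sig_map: Dict[int, Set[str]], threshold: int = 3) -> List[int]:
    """pids showing at least `threshold` signatures, i.e. stealer-like behaviour."""
    return sorted(pid for pid, sigs in sig_map.items() if len(sigs) >= threshold)


# Constructed trace: pid 4120 behaves like the sample, pid 5000 is an installer
# that only enumerates installed software.
TRACE = [
    Event(4120, "reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(4120, "reg_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event(4120, "file_read", r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"),
    Event(4120, "file_write", r"C:\Users\u\AppData\Local\Temp\update.exe"),
    Event(4120, "proc_create", r"C:\Users\u\AppData\Local\Temp\update.exe"),
    Event(4120, "file_write", r"C:\Users\u\AppData\Local\Temp\sqlite3.dll"),
    Event(4120, "image_load", r"C:\Users\u\AppData\Local\Temp\sqlite3.dll"),
    Event(5000, "reg_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    Event(5000, "image_load", r"C:\Windows\System32\kernel32.dll"),
]

if __name__ == "__main__":
    sigs = signatures_for(TRACE)
    for pid, names in sigs.items():
        print(pid, sorted(names))
    print("flagged:", flagged(sigs))
```

Note the telemetry requirement: registry reads are not recorded by Sysmon (which logs key and value creation, modification and renames, not reads), so a rule like this needs an API-level trace from a sandbox or an EDR that records registry queries; on Sysmon alone only the file-write, process-create and image-load parts are observable.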