Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a95b60573d18671bea63aafbb3f8dad7b94e3a30f51d9dbfaefdb8c96eccb956
-
Size
397KB
-
Sample
240327-v271vacc61
-
MD5
36c49ce4084f9ed89e8897d38fac5086
-
SHA1
1b2ae8d85f8fd6666e8e5d9597f4810f07c809c8
-
SHA256
a95b60573d18671bea63aafbb3f8dad7b94e3a30f51d9dbfaefdb8c96eccb956
-
SHA512
60f9e9145556f73af8c9a19841c53441612287cf37d7bd46b7177e432e91974b2c96b9471c65bad4c7bb21ec9c0bb659c120777b1291a2b5783a6bceea54533c
-
SSDEEP
6144:Kici2Jk2Qs+04iUiCLsMcOTjqXVbeH0g3/ODSLwmpeEI7UJYOd1swUa3R6l:gi2JJv+KUiZMcoSeT3gm9zJYOMwRol
Static task
static1
Behavioral task
behavioral1
Sample
a95b60573d18671bea63aafbb3f8dad7b94e3a30f51d9dbfaefdb8c96eccb956.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
a95b60573d18671bea63aafbb3f8dad7b94e3a30f51d9dbfaefdb8c96eccb956
-
Size
397KB
-
MD5
36c49ce4084f9ed89e8897d38fac5086
-
SHA1
1b2ae8d85f8fd6666e8e5d9597f4810f07c809c8
-
SHA256
a95b60573d18671bea63aafbb3f8dad7b94e3a30f51d9dbfaefdb8c96eccb956
-
SHA512
60f9e9145556f73af8c9a19841c53441612287cf37d7bd46b7177e432e91974b2c96b9471c65bad4c7bb21ec9c0bb659c120777b1291a2b5783a6bceea54533c
-
SSDEEP
6144:Kici2Jk2Qs+04iUiCLsMcOTjqXVbeH0g3/ODSLwmpeEI7UJYOd1swUa3R6l:gi2JJv+KUiZMcoSeT3gm9zJYOMwRol
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-