General
-
Target
c0d798a0fa325d1373269a5bf069e04801738fdcb689fc068669617b62d4bbef
-
Size
96KB
-
Sample
240329-cg6m6sfc49
-
MD5
48b5d8ebc7103fb747d67b2a35d2bd6b
-
SHA1
2d9ea045643a8a3be512625b93b26bd4728f708b
-
SHA256
c0d798a0fa325d1373269a5bf069e04801738fdcb689fc068669617b62d4bbef
-
SHA512
6b7b743da13306dae5005fab5233edc0f82f7c25240af802a31074c1c937fd3493ad5f7f835b21618d43b81421a2408478432474f5fe9ae7a92d4c520856758a
-
SSDEEP
768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6u7DPQ1TTGfGYc+p/:3RsvcdcQjosnvng6uQ1Jk
Static task
static1
Behavioral task
behavioral1
Sample
c0d798a0fa325d1373269a5bf069e04801738fdcb689fc068669617b62d4bbef.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c0d798a0fa325d1373269a5bf069e04801738fdcb689fc068669617b62d4bbef.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: griptoloji
Password: 741852
Targets
-
-
Target
c0d798a0fa325d1373269a5bf069e04801738fdcb689fc068669617b62d4bbef
-
Score
10/10
-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-