General

Target: 2024-04-02_f9b49c98755c58c68618cb1e9985587f_magniber_revil
Size: 5.6MB
Sample: 240402-ayrjgabh94
MD5: f9b49c98755c58c68618cb1e9985587f
SHA1: 561f73b4258a2b36547265cc47560ea96fe618e4
SHA256: dc6439f061339d1addbce55511e88e41081ef6b36c9611e3939d9914bf211e61
SHA512: be7e01506d3f0aa75872d0a6a2aa3bc10e2f09bbb5e6d880b29c41a48b40c294e146d374afaa4d52a96132f1c48be61db689a0a9e189c0c3f25a5bc96f2e8688
SSDEEP: 98304:kpKEJWqF/G2lP3ZWnaIyGbCy4uqJOBiT5A4V5wfa2o:fMWsplRWn/Cy40iTiB/o
Static task: static1

Behavioral task: behavioral1
Sample: 2024-04-02_f9b49c98755c58c68618cb1e9985587f_magniber_revil.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2024-04-02_f9b49c98755c58c68618cb1e9985587f_magniber_revil.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted family: raccoon
- 4a9f651f0c883b5f75c545d430f6c021
- http://192.227.94.170:80
- user_agent: MrBidenNeverKnow
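The extracted config gives two network indicators that are directly usable for detection: the HTTP endpoint (listed without a label in the report; it is treated here as the C2 endpoint, which is an inference) and the hard-coded User-Agent string. The following Python is an added example, not Triage code or part of the report: it carries the report's indicators and runs them over a few constructed proxy log lines. The log line layout is an assumption made for the example, not a real product format. Matching the User-Agent independently of the IP is deliberate, since a rotated C2 address would not change the UA the stealer sends.

```python
"""Match the Raccoon Stealer v2 indicators from the report against constructed
proxy log lines. Added example; not Triage's code and not from the report."""
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List

# Indicators taken verbatim from the report's extracted config and hashes.
C2_HOST = "192.227.94.170"          # from http://192.227.94.170:80 (treated as C2: inference)
C2_PORT = 80
USER_AGENT = "MrBidenNeverKnow"
SAMPLE_SHA256 = "dc6439f061339d1addbce55511e88e41081ef6b36c9611e3939d9914bf211e61"
SAMPLE_MD5 = "f9b49c98755c58c68618cb1e9985587f"

# Constructed log line layout (assumption, not a real product format):
# <timestamp> <src_ip> <dst_host>:<dst_port> <method> <url> "<user_agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<host>[^:\s]+):(?P<port>\d+) '
    r'(?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$'
)


@dataclass
class Hit:
    line_no: int
    reason: str
    src: str


def scan_proxy_log(lines: Iterable[str]) -> List[Hit]:
    """Return one Hit per log line that touches the C2 endpoint or uses the UA."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        host, port, ua = m["host"], int(m["port"]), m["ua"]
        # The endpoint match is the stronger signal; the UA match on its own
        # still fires if the operator moves the C2 to a different address.
        if host == C2_HOST and port == C2_PORT:
            hits.append(Hit(n, "raccoon c2 endpoint", m["src"]))
        elif ua == USER_AGENT:
            hits.append(Hit(n, "raccoon user-agent", m["src"]))
    return hits


def file_matches_sample(data: bytes) -> bool:
    """True if the bytes hash to the report's SHA-256 or MD5."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            or hashlib.md5(data).hexdigest() == SAMPLE_MD5)


# Constructed sample log lines (hosts 10.0.0.x, update.example.net and
# 203.0.113.7 are made up for the example; only line 1 and 3 are hits).
SAMPLE_LOG = [
    '2024-04-02T10:01:03Z 10.0.0.15 192.227.94.170:80 POST http://192.227.94.170:80/ "MrBidenNeverKnow"',
    '2024-04-02T10:01:09Z 10.0.0.15 update.example.net:443 GET https://update.example.net/ "Mozilla/5.0"',
    '2024-04-02T10:02:41Z 10.0.0.22 203.0.113.7:80 GET http://203.0.113.7/ "MrBidenNeverKnow"',
]

if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.reason} from {h.src}")
```

Run it as a script to see the two hits; `file_matches_sample` is there so the same module can check a quarantined file against the report's hashes before escalating a network hit.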
Targets

Target: 2024-04-02_f9b49c98755c58c68618cb1e9985587f_magniber_revil
- Raccoon Stealer V2 payload
- Detects executables containing SQL queries to confidential data stores; observed in infostealers
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system
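The last signature describes a host-side behaviour a defender can audit for: reads of the Uninstall keys under HKLM. The following Python is an added example, not Triage code or part of the report. It assumes registry read auditing is enabled (a SACL on the Uninstall keys) so that Windows Security event 4663 records the key accesses, and it uses a simplified pipe-delimited record layout for those events rather than the real XML. The constructed events use the report's sample filename in a made-up path; the other process names, GUID and product subkeys are invented. A single read of one Uninstall entry is normal (an updater checking its own product), so the check counts distinct entries per process and reports only processes that walked several, which is the enumeration pattern the signature describes.

```python
"""Flag processes that enumerate the Uninstall registry keys from constructed
Windows Security 4663 records. Added example; not Triage's code."""
import re
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Tuple

# Both Uninstall hives a 32-bit process on 64-bit Windows reads, in the
# \REGISTRY\MACHINE form that 4663 ObjectName uses (not the HKLM alias).
UNINSTALL_KEYS = (
    r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
UNINSTALL_RE = re.compile(
    r"^(?:" + "|".join(re.escape(k) for k in UNINSTALL_KEYS) + r")(?:\\|$)",
    re.IGNORECASE,
)

# Processes expected to read these keys; everything else is reported.
ALLOWLIST = {r"c:\windows\system32\msiexec.exe"}

# Constructed record layout (assumption): EventID|ObjectType|ObjectName|ProcessName|Accesses
def parse_4663(lines: Iterable[str]) -> Iterator[Tuple[str, str, str]]:
    """Yield (object_name, process_name_lower, accesses) for registry-key 4663 records."""
    for line in lines:
        parts = line.rstrip("\n").split("|")
        if len(parts) != 5 or parts[0] != "4663" or parts[1] != "Key":
            continue
        yield parts[2], parts[3].lower(), parts[4]


def uninstall_enumerators(lines: Iterable[str], min_keys: int = 3) -> Dict[str, List[str]]:
    """Return {process: [distinct Uninstall keys touched]} for non-allowlisted
    processes that read at least `min_keys` distinct Uninstall entries."""
    seen: Dict[str, set] = defaultdict(set)
    for name, proc, _accesses in parse_4663(lines):
        if proc in ALLOWLIST or not UNINSTALL_RE.match(name):
            continue
        seen[proc].add(name)
    return {p: sorted(k) for p, k in seen.items() if len(k) >= min_keys}


# Constructed events. The sample path is made up; the filename is the report's.
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\2024-04-02_f9b49c98755c58c68618cb1e9985587f_magniber_revil.exe"
U64 = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
U32 = r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [
    f"4663|Key|{U64}|{SAMPLE}|Enumerate sub-keys",
    f"4663|Key|{U64}\\{{A1B2C3D4-0000-1111-2222-333344445555}}|{SAMPLE}|Query key value",
    f"4663|Key|{U64}\\ExampleEditor|{SAMPLE}|Query key value",
    f"4663|Key|{U32}\\ExampleArchiver|{SAMPLE}|Query key value",
    # benign: an updater reading only its own entry
    f"4663|Key|{U64}\\ExampleApp|C:\\Program Files\\ExampleApp\\updater.exe|Query key value",
    # unrelated key under CurrentVersion, must not count
    f"4663|Key|\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|{SAMPLE}|Set key value",
    # allowlisted installer service
    f"4663|Key|{U64}\\{{66667777-8888-9999-AAAA-BBBBCCCCDDDD}}|C:\\Windows\\System32\\msiexec.exe|Query key value",
]

if __name__ == "__main__":
    for proc, keys in uninstall_enumerators(SAMPLE_EVENTS).items():
        print(f"{proc}: {len(keys)} Uninstall entries read")
```

The threshold and the allowlist are the two knobs to tune on a real estate: inventory agents and package managers legitimately walk the whole key, and belong in the allowlist rather than in a higher threshold.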