Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Launcher.bat

windows7-x64

1

Launcher.bat

windows10-2004-x64

10

compiler.exe

windows7-x64

1

compiler.exe

windows10-2004-x64

1

lua51.dll

windows7-x64

3

lua51.dll

windows10-2004-x64

3

Resubmissions

06/04/2024, 02:27

240406-cxlmyahb6x 3

06/04/2024, 02:26

240406-cwvjfshb5t 3

06/04/2024, 02:25

240406-cwkn9ahb4y 10

06/04/2024, 02:21

240406-cszc8shb2v 7

06/04/2024, 02:19

240406-cr7cfshg29 3

06/04/2024, 02:18

240406-crp36shg25 10

06/04/2024, 02:17

240406-cq78csha81 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ro-exec Executor.zip

  • Size

    479KB

  • Sample

    240406-cwkn9ahb4y

  • MD5

    86711d8e3a8e9373c52040db6d438789

  • SHA1

    a9a42faf7ead5847d727f7dd378822d656d58dbf

  • SHA256

    d0d6cabab10e62f0261e2ca13daa453b4ec38c9f81880a55d1aca04c8ae5a3fa

  • SHA512

    38e98b43babf3ba4eaf5d79f85cbb5049df7c17019a700afac52371de6f112a426e67c20d5cb37fcfbcf8aa78a4b4d1596ea0afb5843cbb93628c0540cee888b

  • SSDEEP

    12288:JkwR6R+2byyNRU0Yz3jBL75xwc4XscIFl4zA6fzvBLT:Jkz+2b1rKjRdxwr81FlQxfDxT

Score
10/10
lummazgratratspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://birdpenallitysydw.shop/api

Targets

    • Target

      Launcher.bat

    • Size

      544B

    • MD5

      17033b44988e812ebade9022cba3584f

    • SHA1

      3c98c9f36212cfeec679057cabb1ea5d4bffb1a1

    • SHA256

      deda21bef6613c01484a7c219070f1c510d96a31373a9561e31a8e45b3c94473

    • SHA512

      9f54c72cafeedb4b332e8c4d438e88475d1757ea4ffdf23d13d0f1bae55806b3fe58cf48002085f5a867c5d8906c4b7674584c4070288e35026037cdc33eb282

    Score
    10/10
    lummazgratratspywarestealer

    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      compiler.exe

    • Size

      89KB

    • MD5

      dd98a43cb27efd5bcc29efb23fdd6ca5

    • SHA1

      38f621f3f0df5764938015b56ecfa54948dde8f5

    • SHA256

      1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

    • SHA512

      871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

    • SSDEEP

      1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score
    1/10
    behavioral3behavioral4

    • Target

      lua51.dll

    • Size

      592KB

    • MD5

      3dff7448b43fcfb4dc65e0040b0ffb88

    • SHA1

      583cdab08519d99f49234965ffd07688ccf52c56

    • SHA256

      ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

    • SHA512

      cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

    • SSDEEP

      12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks