Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Ro-exec Executor.zip
-
Size
479KB
-
Sample
240406-cwkn9ahb4y
-
MD5
86711d8e3a8e9373c52040db6d438789
-
SHA1
a9a42faf7ead5847d727f7dd378822d656d58dbf
-
SHA256
d0d6cabab10e62f0261e2ca13daa453b4ec38c9f81880a55d1aca04c8ae5a3fa
-
SHA512
38e98b43babf3ba4eaf5d79f85cbb5049df7c17019a700afac52371de6f112a426e67c20d5cb37fcfbcf8aa78a4b4d1596ea0afb5843cbb93628c0540cee888b
-
SSDEEP
12288:JkwR6R+2byyNRU0Yz3jBL75xwc4XscIFl4zA6fzvBLT:Jkz+2b1rKjRdxwr81FlQxfDxT
Static task
static1
Behavioral task
behavioral1
Sample
Launcher.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Launcher.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
compiler.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
compiler.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
lua51.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
lua51.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
lumma
https://birdpenallitysydw.shop/api
Targets
-
-
Target
Launcher.bat
-
Size
544B
-
MD5
17033b44988e812ebade9022cba3584f
-
SHA1
3c98c9f36212cfeec679057cabb1ea5d4bffb1a1
-
SHA256
deda21bef6613c01484a7c219070f1c510d96a31373a9561e31a8e45b3c94473
-
SHA512
9f54c72cafeedb4b332e8c4d438e88475d1757ea4ffdf23d13d0f1bae55806b3fe58cf48002085f5a867c5d8906c4b7674584c4070288e35026037cdc33eb282
-
Detect ZGRat V1
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
compiler.exe
-
Size
89KB
-
MD5
dd98a43cb27efd5bcc29efb23fdd6ca5
-
SHA1
38f621f3f0df5764938015b56ecfa54948dde8f5
-
SHA256
1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a
-
SHA512
871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0
-
SSDEEP
1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv
Score1/10 -
-
-
Target
lua51.dll
-
Size
592KB
-
MD5
3dff7448b43fcfb4dc65e0040b0ffb88
-
SHA1
583cdab08519d99f49234965ffd07688ccf52c56
-
SHA256
ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60
-
SHA512
cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394
-
SSDEEP
12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY
Score3/10 -