General
- Target: NordVPNSetup.exe
- Size: 16.8MB
- Sample: 240408-v6vajsfa47
- MD5: 8916adb46ac66f510491eeef40eb2b0d
- SHA1: 25318148e33077ede2689d67a495d9160b0f331d
- SHA256: e9131d9413f1596b47e86e88dc5b4e4cc70a0a4ec2d39aa8f5a1a5698055adfc
- SHA512: b7ca36f76cfbd13b05462e002e8e3d77edcea2cba7e1076ef4a755172f8b429e54061a52696a399e615a09d405cea21599d56ff19d1b209b8c9d2998b1595721
- SSDEEP: 393216:9qVjnUv7EZs8DvzHiQFFz1c4vJvFozQMI3vv2Jknvk:KjnUv7Qs8D7iQnzHvJ9kTI3v+KM
Static task: static1
Malware Config
Targets
Signatures
- SectopRAT payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext