General
Target: 39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f
Size: 2.5MB
Sample: 240408-y5sl4seb6v
MD5: eca95fbb69ab3ba58f0f535c0e481d67
SHA1: 82f2092667e20ef4992d13a428102d64176b4b9e
SHA256: 39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f
SHA512: 3646cf1f9a1fcd854f4ad63ce1bcd451319efd27c21255279add937a9060f32c15d944aa8b4df1712bcf600703614c66c57144061ac09afd4bbec89a4612e3ff
SSDEEP: 49152:vhDZlDTeHumcu6x06hZJYtF2EGvxyhXQu8GqbilpEVWi26kAdSNl:ZVlExGT2tF2rCXrVlScJAoz
Static task: static1
Behavioral task: behavioral1
Sample: 39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Targets
Target: 39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger