Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6f2eefd23e33e862207e4b9e91baa29a34ad63aff6e5e76f6aafc747f1b97768.exe
-
Size
497KB
-
Sample
240416-blympade48
-
MD5
faf13222570e0483055345c82dec07da
-
SHA1
e7fd20c5290201d144010850e37285f09b592dbe
-
SHA256
6f2eefd23e33e862207e4b9e91baa29a34ad63aff6e5e76f6aafc747f1b97768
-
SHA512
cdd9106575322ba8498a003c46c4ccab8a1151a8df725695022d294367ac40ed64e3bd883c3e355488d1e6c95385f2e9aaad7c1477390e63431c22ceb043a9fd
-
SSDEEP
6144:RWSicFcC1yNLlB7N/o+BJkp5QtBfwvUGSx/J1AopaFQve1P2FCLjH:VTFcC1yND7NrcPuBfwvEx/UdR/fH
Static task
static1
Behavioral task
behavioral1
Sample
6f2eefd23e33e862207e4b9e91baa29a34ad63aff6e5e76f6aafc747f1b97768.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
6f2eefd23e33e862207e4b9e91baa29a34ad63aff6e5e76f6aafc747f1b97768.exe
-
Size
497KB
-
MD5
faf13222570e0483055345c82dec07da
-
SHA1
e7fd20c5290201d144010850e37285f09b592dbe
-
SHA256
6f2eefd23e33e862207e4b9e91baa29a34ad63aff6e5e76f6aafc747f1b97768
-
SHA512
cdd9106575322ba8498a003c46c4ccab8a1151a8df725695022d294367ac40ed64e3bd883c3e355488d1e6c95385f2e9aaad7c1477390e63431c22ceb043a9fd
-
SSDEEP
6144:RWSicFcC1yNLlB7N/o+BJkp5QtBfwvUGSx/J1AopaFQve1P2FCLjH:VTFcC1yND7NrcPuBfwvEx/UdR/fH
-
Detect ZGRat V1
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects encrypted or obfuscated .NET executables
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-