General
- Target: Fnn5Ap3.rar
- Size: 6.2MB
- Sample: 240416-wcyljsge39
- MD5: c3c9adff3d8341f8fa0f58413bacc287
- SHA1: 2276279cf3e153d68541e71b283e383307bdb200
- SHA256: e9b75e4351e9bfcaef1df3822dc94fdc588dd2a95074d9d5044a058ae869273a
- SHA512: 5f5ab50c9f0b7971196856c696803ad33419f18d4cd889347d6dc4f141c4e6f2c27384e8e1531bd7413ff6ee6b28a9c9ebfad3551f0976174780c6b3d6a83bd0
- SSDEEP: 196608:9F2Je5UY0zDzb3lC5c5ErXFEhv9Okjw8cyAtzli:PceKhzb1C5c5EyhvnUFyOzli
Malware Config
Targets
- Target: Opium.exe
- Size: 6.3MB
- MD5: 51a4b92d3d474b74c99f9bf8006adcf8
- SHA1: 876c3445e81651d207beedcdbc42384b7c6579f5
- SHA256: 25f1cc14c6f92b5300f016dbd6fae84ccd5e8c95cada73463b3b4963fcf12f16
- SHA512: 7aec357d2b1ed372f193ebed8a3dde3ece67d7ca76036c0a00c74141ea15a8dac4d6c1a34a9cc039110e993c6b4fbc11d85a251a69224752620badbe0a340778
- SSDEEP: 98304:CQ91G75YthUySccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1SX:F45e6ySraRRnz+R8zmPf1D7JX
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.