General
Target: bc89eefe8b6e92ba8da2014e114cc6efb51744ea6198bcb75a0d47ae50f2f576
Size: 786KB
Sample: 240417-qa2mjage44
MD5: f9b31b7359c984528b8539cd2310bfd5
SHA1: 65145efb30ba7fe1fceb745f56c41d90e106f622
SHA256: bc89eefe8b6e92ba8da2014e114cc6efb51744ea6198bcb75a0d47ae50f2f576
SHA512: 9382f02b82b3bece7a090bdbc89b1d3b84a5dabdca49fd97bfcf6b32dec3527efa1b8b419cb45efdd36e07743211043dd1e4a393387d81700617a237f10b1506
SSDEEP: 24576:bc/3rODfl+epkHOJVkDkAX8UIK+/U6vA7DJZ9Ew:bg3rmQqkHJoUIK+c6vAJZew
Static task: static1
Behavioral task: behavioral1
Sample: efc5c94996f4af7ae3a2d17dfc73dd7fe3f84269e73bb611e5806f2fd131a646.exe
Resource: win7-20240221-en
Malware Config
Extracted
netwire
212.193.30.230:6826
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: kolabo123
registry_autorun: false
use_mutex: false
Targets
Target: efc5c94996f4af7ae3a2d17dfc73dd7fe3f84269e73bb611e5806f2fd131a646.exe
Size: 928KB
MD5: d616794167af5c88812aabaf65120fad
SHA1: ad1289875a05ba89cb6e10b08b95ee45bdf79d0f
SHA256: efc5c94996f4af7ae3a2d17dfc73dd7fe3f84269e73bb611e5806f2fd131a646
SHA512: 8c2211e1472c53863d9c0bed2baf03c6ea2dd9b568480cee909a4fa157c229e3e651afc673168304bdfa875bf0eb056896dbb3906e1d66dcc8b23e4e075bceee
SSDEEP: 24576:Jg7gUMoMnm9cU9VHb5Z763rs7u8BeV67s7nCrt8dB:vWMnGcU95nAsyTKug+
Detect ZGRat V1
NetWire RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Suspicious use of SetThreadContext