General
- Target: 481c134e037ef6f14fd93ce2195e25fc7ee64eef05b0aabef1a8da173571258e
- Size: 412KB
- Sample: 240418-2hqqsagg69
- MD5: 19e93cdbbe05d789bc11c8f6c24357ab
- SHA1: d436779f72b2c17207668955b9cb64055650fd23
- SHA256: 481c134e037ef6f14fd93ce2195e25fc7ee64eef05b0aabef1a8da173571258e
- SHA512: 33f75ff405d8adc693cb154d86899cd59f83608a2cdd2b356308fc56395b70e1a2f48fa9c08d9daf59cb456f5a5b3f1a79b143dd8b0f4de4f84b1ea51165e342
- SSDEEP: 6144:0GlYLHoDRsJI9IG2AUXj0b8fN1aj5OhsMXmhvDKX1XuEc1:0GlYzoUOWAm04fN1a4nXm+1eP1
Static task: static1
Behavioral task: behavioral1
- Sample: 481c134e037ef6f14fd93ce2195e25fc7ee64eef05b0aabef1a8da173571258e.exe
- Resource: win7-20240221-en
Malware Config
Extracted: stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Detect ZGRat V1
- Detects Arechclient2 RAT (Arechclient2)
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext