Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b
-
Size
162KB
-
Sample
240418-ycpdzseb81
-
MD5
48f3578add712ad477de43a61079f6e2
-
SHA1
4b6a625d66abee564bc3fc0a4927ebceab88a0e7
-
SHA256
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b
-
SHA512
e9d7e06a61e187538313c0935b05ce453afd77f9c04046112818c2044ae6a66c6bb5b2c3aaf88eadeedda2648b2162dce5171eea9e7e2b4fb0dc1b0fe1f5b149
-
SSDEEP
3072:qeIM6syPKcys1v6LCNrhwBafeQt0siX7mIBbVaibI+wARE+WpC5:V6syicyst6LCwAfeJlr1xvb1
Behavioral task
behavioral1
Sample
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b
-
Size
162KB
-
MD5
48f3578add712ad477de43a61079f6e2
-
SHA1
4b6a625d66abee564bc3fc0a4927ebceab88a0e7
-
SHA256
20209b1782561498aae9640d8032d3663636c0f10a094dd1b69f413097d7c41b
-
SHA512
e9d7e06a61e187538313c0935b05ce453afd77f9c04046112818c2044ae6a66c6bb5b2c3aaf88eadeedda2648b2162dce5171eea9e7e2b4fb0dc1b0fe1f5b149
-
SSDEEP
3072:qeIM6syPKcys1v6LCNrhwBafeQt0siX7mIBbVaibI+wARE+WpC5:V6syicyst6LCwAfeJlr1xvb1
Score10/10-
StormKitty payload
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Detects executables (downlaoders) containing URLs to raw contents of a paste
-
Detects executables containing URLs to raw contents of a Github gist
-
Detects executables referencing Discord tokens regular expressions
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing credit card regular expressions
-
Detects executables referencing many VPN software clients. Observed in infosteslers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables using Telegram Chat Bot
-
Detects executables with interest in wireless interface using netsh
-
Detects file containing reversed ASEP Autorun registry keys
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-