General
Target: ModAssistant.exe
Size: 983KB
Sample: 240419-yy4e2aec79
MD5: 85db93f5c82c2b00532a12a907d789aa
SHA1: 364bc37d7c64952b48ed57f816a29866aae7bdc5
SHA256: 30e9743aab4b01764bf7b2e2d165a9c16cadade5b99ed59f112a47c04028cdff
SHA512: 3289aa4fa798673bfd157b2e5702b74a3176032aa1dd64a2828fca62271641b5d2403151722054bc360252af04c67b9984fb2f6d3ecaec9332e6924426e4a3c2
SSDEEP: 12288:CHHUaJeQJTUt5ndBU6k1IYg17V8yoRkIoTKrtxeMfgFb7jteYx3QI6x0u+AcGKrt:CHEZAoESMmb7A2U03AcGE
Static task: static1
Malware Config
Targets
Target: ModAssistant.exe
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.