General
- Target: API.exe
- Size: 6.6MB
- Sample: 240421-y9zwzsbd3s
- MD5: 07fcda5e8c88548ab30e7a26b0304d8a
- SHA1: b6abf49f34ab1465cd6f671b2148e5ddcaa2f152
- SHA256: 0c89c0d06ecfe89860ff6defd3e22a0b707b253f2f23f80192b3b3b9a1b28458
- SHA512: cd6cb17854b0e47efb7325f22d119976a1a6fefd968e601ad0869c2467fc83f395bac237536d009aa8aac5fa22a594c711c05498019436f3503a6e7d90680b92
- SSDEEP: 196608:Yry7bJ7hEDOYjJlpZstQoS9Hf12VKXPXC9b8CuVj:5lEBpGt7G/Moy9bkj
Malware Config
Targets
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.