General
Target: TankX.exe
Size: 6.1MB
Sample: 240423-y82zysbf34
MD5: a06f37fd4828eb3b3140c50cb0638a36
SHA1: 0fe30a4ca469b973d1b61d5dee7610e106f817da
SHA256: 417dd4be4d5947568b30abfb4f2a8d1a303da739ff6f15461525359b9b6b7d76
SHA512: ea9a883db61ec4d7c29114dc387e1732ee37565e4a99cca868018c52b2a08ca23e73651380dc2d3066dbfdcdbe9bad13e5525f5083ceb72ad049090e87a6631e
SSDEEP: 98304:Zr0wRhEtdFByZNhamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RRBMMK3SUq:Zr0wuFMZ+eN/FJMIDJf0gsAGK4RRuMKq

Behavioral task: behavioral1
Sample: TankX.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: TankX.exe
Resource: win10v2004-20240412-en

Behavioral task: behavioral3
Sample: ,|��yX�.pyc
Resource: win7-20231129-en

Behavioral task: behavioral4
Sample: ,|��yX�.pyc
Resource: win10v2004-20240226-en

Malware Config

Targets
Target: TankX.exe
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: ,|��yX�.pyc
Size: 857B
MD5: e172a03818b783829f0cae9bb458df9f
SHA1: d9a283f4f4499e205386c136c3433b01e81f9ec7
SHA256: d66d58f40c7e737109e1e870233fb1178ee8c45037d8ea7021f654525c6eb87d
SHA512: c036ea70966f35390548492c6d3730fd8c8fedfdd6bc41bb96fd9cfd6d6bfc12d4176da077c9f167efe64cbfa2220e062cd2d7dfa46035f8ff1f0e64560a2bd3
Score: 1/10