General

  • Target

    YeIoxi.exe

  • Size

    6.0MB

  • Sample

    240424-vp8fvadf94

  • MD5

    b907fdffcf20892db3eeb81abb14930c

  • SHA1

    ad94b36fbcc1a3ff67c5cb430915ffe29f095228

  • SHA256

    25e5364b68dd722918c975cb1c14104bcca9bd74be7d34a80d6c7aa46e1093a4

  • SHA512

    ef1670a4585d8525751d1a485c4a6684a8814d169aac5ff38c96d6b6df2ac003524917d96431947b7b5dc39392c752e930549da7ebcf74835924c54a289bdf36

  • SSDEEP

    98304:RrMJEtdFBG9YamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R2OuAKkfePyyu:RrMIFE9ZeN/FJMIDJf0gsAGK4RFuAKkj

Malware Config

Targets

    • Target

      YeIoxi.exe

    • Size

      6.0MB

    • MD5

      b907fdffcf20892db3eeb81abb14930c

    • SHA1

      ad94b36fbcc1a3ff67c5cb430915ffe29f095228

    • SHA256

      25e5364b68dd722918c975cb1c14104bcca9bd74be7d34a80d6c7aa46e1093a4

    • SHA512

      ef1670a4585d8525751d1a485c4a6684a8814d169aac5ff38c96d6b6df2ac003524917d96431947b7b5dc39392c752e930549da7ebcf74835924c54a289bdf36

    • SSDEEP

      98304:RrMJEtdFBG9YamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R2OuAKkfePyyu:RrMIFE9ZeN/FJMIDJf0gsAGK4RFuAKkj

    Score: 8/10

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      9 1G�O_.pyc

    • Size

      857B

    • MD5

      04d4f1dcab35a07d9b4a17083285cab6

    • SHA1

      e037a8a5f5062080bcf0a0bb4f6a4e858cdb5286

    • SHA256

      bcf6e0316e54dffccbda52d921ddf74d8b7a227eae0c8312e1474a3f562f76be

    • SHA512

      59b5655cb3110146998dbe64e6b42a5e1bb3e3769f2e6a42e2dccbfb6ae123301dbd5c87e09788574fca6a520ae20fe3512ff3b38eb970349a1fcc3a39ce1584

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks