General
- Target: YeIoxi.exe
- Size: 6.0MB
- Sample: 240424-vp8fvadf94
- MD5: b907fdffcf20892db3eeb81abb14930c
- SHA1: ad94b36fbcc1a3ff67c5cb430915ffe29f095228
- SHA256: 25e5364b68dd722918c975cb1c14104bcca9bd74be7d34a80d6c7aa46e1093a4
- SHA512: ef1670a4585d8525751d1a485c4a6684a8814d169aac5ff38c96d6b6df2ac003524917d96431947b7b5dc39392c752e930549da7ebcf74835924c54a289bdf36
- SSDEEP: 98304:RrMJEtdFBG9YamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R2OuAKkfePyyu:RrMIFE9ZeN/FJMIDJf0gsAGK4RFuAKkj
Behavioral tasks
- behavioral1: Sample YeIoxi.exe, Resource win7-20240220-en
- behavioral2: Sample YeIoxi.exe, Resource win10v2004-20240412-en
- behavioral3: Sample 9 1G�O_.pyc, Resource win7-20240215-en
- behavioral4: Sample 9 1G�O_.pyc, Resource win10v2004-20240412-en
Malware Config
Targets
Target: YeIoxi.exe
- Size: 6.0MB
Signatures
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: 9 1G�O_.pyc
- Size: 857B
- MD5: 04d4f1dcab35a07d9b4a17083285cab6
- SHA1: e037a8a5f5062080bcf0a0bb4f6a4e858cdb5286
- SHA256: bcf6e0316e54dffccbda52d921ddf74d8b7a227eae0c8312e1474a3f562f76be
- SHA512: 59b5655cb3110146998dbe64e6b42a5e1bb3e3769f2e6a42e2dccbfb6ae123301dbd5c87e09788574fca6a520ae20fe3512ff3b38eb970349a1fcc3a39ce1584
- Score: 1/10