Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bdf42d1fcbc83b6f51b5ff8eb0a01218d27aa4179c5dcd85e3b5ff938b6544c0
-
Size
59KB
-
Sample
240425-c7cg1sdh48
-
MD5
a9b94a77666a6117bb969cd88250604b
-
SHA1
7cf8b8e3cc540eef83c621084434aca2d865c9ee
-
SHA256
bdf42d1fcbc83b6f51b5ff8eb0a01218d27aa4179c5dcd85e3b5ff938b6544c0
-
SHA512
3043ef9d6ceb4a4b9282beb60ef53245882c8f22683ad6d589c5e0814a83704ccf26b0e0acb64721b33621f1475eba64e9b8381d5e296692f285d43f9b1680d6
-
SSDEEP
768:9qSqC8+N5ozQQCncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS69FH:9rqfzQQCamN8835mv7CUro+B
Static task
static1
Behavioral task
behavioral1
Sample
bdf42d1fcbc83b6f51b5ff8eb0a01218d27aa4179c5dcd85e3b5ff938b6544c0.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bdf42d1fcbc83b6f51b5ff8eb0a01218d27aa4179c5dcd85e3b5ff938b6544c0.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.tripod.com - Port:
21 - Username:
onthelinux - Password:
741852abc
Targets
-
-
Target
bdf42d1fcbc83b6f51b5ff8eb0a01218d27aa4179c5dcd85e3b5ff938b6544c0
-
Size
59KB
-
MD5
a9b94a77666a6117bb969cd88250604b
-
SHA1
7cf8b8e3cc540eef83c621084434aca2d865c9ee
-
SHA256
bdf42d1fcbc83b6f51b5ff8eb0a01218d27aa4179c5dcd85e3b5ff938b6544c0
-
SHA512
3043ef9d6ceb4a4b9282beb60ef53245882c8f22683ad6d589c5e0814a83704ccf26b0e0acb64721b33621f1475eba64e9b8381d5e296692f285d43f9b1680d6
-
SSDEEP
768:9qSqC8+N5ozQQCncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS69FH:9rqfzQQCamN8835mv7CUro+B
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-