Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
hy.ps1
-
Size
9.0MB
-
Sample
240425-qex5xaba4z
-
MD5
c867dbeca2907417d58f0bfb4de699d6
-
SHA1
fa942ea34e59c938d9c307a9c5054118b21fa699
-
SHA256
19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3
-
SHA512
2658decfca16f085932c43ee6397cb449ab7ecf041d2c46630a5fdb3075c21eb9e5836ddb2e9018f4aac99f68ba9a1c3e19973da5c9ca58fc9bb2f7278b557e5
-
SSDEEP
24576:sEAjJLSsZ05S8PllqWR4Q4/YVwCxCpMt8JNim5irz5aRt5vQZUZMc7JS0Ccn3ban:W8RVkwoFZ0qQpynBV
Static task
static1
Behavioral task
behavioral1
Sample
hy.ps1
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
hy.ps1
Resource
win10v2004-20240412-en
Malware Config
Extracted
asyncrat
Default
91.92.252.234:3232
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
hy.ps1
-
Size
9.0MB
-
MD5
c867dbeca2907417d58f0bfb4de699d6
-
SHA1
fa942ea34e59c938d9c307a9c5054118b21fa699
-
SHA256
19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3
-
SHA512
2658decfca16f085932c43ee6397cb449ab7ecf041d2c46630a5fdb3075c21eb9e5836ddb2e9018f4aac99f68ba9a1c3e19973da5c9ca58fc9bb2f7278b557e5
-
SSDEEP
24576:sEAjJLSsZ05S8PllqWR4Q4/YVwCxCpMt8JNim5irz5aRt5vQZUZMc7JS0Ccn3ban:W8RVkwoFZ0qQpynBV
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Async RAT payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-