General
Target: Ectasy.exe
Size: 48.6MB
Sample: 240502-ynrngsef7y
MD5: 39ff44451f15bc03b60e370aac9768ed
SHA1: a8b444a0275ab72ed6fbafc71282c621b16e4177
SHA256: dedc2c4b5affbfc481e21b182d3870741223f13863071ad84ef9ad52d245f87d
SHA512: 8d387908860ea268bcc1a5e37b1f8262cec9332553295b0b4858b054d5fd848748ae7eef3e11446acdbc24e089b93a46b0b54b7e743f6fa64bcd6389ad689b09
SSDEEP: 393216:45S5AWfqy4gP8AxYDX1+TtIiFYY9Z8D8Ccl6l+gqE5PKk9buK+:+aAWfx4bX71QtIDa8DZcIlKbkEK+
Malware Config
Targets
Target: Ectasy.exe
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Drops startup file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.