General
Target: f0131bbdceda283f968e9b74c3adecbed592c93c6acb6ff7944e939b2d773934
Size: 372KB
Sample: 240507-bw62tacd2t
MD5: 9e6cca166fe4fe862cf5f6d1a63f66d3
SHA1: 8d7e9b649cae6fcbdbdbc704318ca24206d55380
SHA256: f0131bbdceda283f968e9b74c3adecbed592c93c6acb6ff7944e939b2d773934
SHA512: c83f986718c7f7347f88568ef672901c019953f16cf19e0629ce044e8c12279eadd8f68f5097dc425ca73dca3a2b275a5a55ce46853d8028d28a661befb0b7af
SSDEEP: 6144:pl+08UGGfdzF7qxvwcB793ituNKkzXwGZTapc:p808UGgdtqrhauN3Xwwapc
Static task: static1
Behavioral task: behavioral1
Sample: f0131bbdceda283f968e9b74c3adecbed592c93c6acb6ff7944e939b2d773934.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: stealc
http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Signatures
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.