Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ceaab53560...81.exe

windows7-x64

8

ceaab53560...81.exe

windows7-x64

7

ceaab53560...81.exe

windows10-1703-x64

10

ceaab53560...81.exe

windows10-2004-x64

10

ceaab53560...81.exe

windows11-21h2-x64

10

Resubmissions

07/05/2024, 08:48

240507-kqly5abh68 10

07/05/2024, 08:48

240507-kqjh1ahb3y 10

07/05/2024, 08:48

240507-kqh78shb3x 10

07/05/2024, 08:48

240507-kqhayabh65 10

07/05/2024, 08:48

240507-kqgz6shb3t 10

25/04/2024, 13:13

240425-qghg8sbb43 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

  • Size

    1.9MB

  • Sample

    240507-kqjh1ahb3y

  • MD5

    c4ee55c8f75cf73eb54594775e06a94a

  • SHA1

    3604f680c80cd43621ca45dc911e61e14cf24cb6

  • SHA256

    ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

  • SHA512

    f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18

  • SSDEEP

    49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT

Score
10/10
discoverypersistenceupx

Malware Config

Extracted

Credentials

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    laurentianer.de
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    squshclqf

Extracted

Credentials

Extracted

Credentials

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    basemarket.ru
  • Port:
    21
  • Username:
    zohir

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    zmk-mami.ru
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    078ae223

Extracted

Credentials

Extracted

Credentials

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    future-tech.ru
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    maria1999

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    roli.ho.ua
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    yuliana19

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    basemarket.ru
  • Port:
    21
  • Username:
    admin

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ro.trackitonline.ru
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Iubics2018%

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    trackitonline.ru
  • Port:
    21
  • Username:
    rotaru
  • Password:
    Iubics2018%

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    trackitonline.ru
  • Port:
    21
  • Username:
    ro
  • Password:
    Iubics2018%

Targets

    • Target

      ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

    • Size

      1.9MB

    • MD5

      c4ee55c8f75cf73eb54594775e06a94a

    • SHA1

      3604f680c80cd43621ca45dc911e61e14cf24cb6

    • SHA256

      ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

    • SHA512

      f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18

    • SSDEEP

      49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT

    Score
    10/10
    discoverypersistenceupx

    • Contacts a large (688) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Enterprise v15

Tasks