
Resubmissions

  • 07/05/2024, 08:48 UTC: 240507-kqly5abh68 (score 10)
  • 07/05/2024, 08:48 UTC: 240507-kqjh1ahb3y (score 10)
  • 07/05/2024, 08:48 UTC: 240507-kqh78shb3x (score 10)
  • 07/05/2024, 08:48 UTC: 240507-kqhayabh65 (score 10)
  • 07/05/2024, 08:48 UTC: 240507-kqgz6shb3t (score 10)
  • 25/04/2024, 13:13 UTC: 240425-qghg8sbb43 (score 7)

General

  • Target: ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
  • Size: 1.9 MB
  • Sample: 240507-kqjh1ahb3y
  • MD5: c4ee55c8f75cf73eb54594775e06a94a
  • SHA1: 3604f680c80cd43621ca45dc911e61e14cf24cb6
  • SHA256: ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
  • SHA512: f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18
  • SSDEEP: 49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT

Malware Config

Extracted credentials (every entry uses protocol ftp on port 21; entries with no password field are marked "(none)"):

  Host                 | Username                      | Password
  ---------------------|-------------------------------|-------------
  mt.fr                | aurea.rodriguez@mt.fr         | imagine1
  laurentianer.de      | matthias2010@laurentianer.de  | squshclqf
  basemarket.ru        | zohir@basemarket.ru           | (none)
  kryolan.ru           | karina@kryolan.ru             | gmnypvwt
  basemarket.ru        | zohir                         | (none)
  zmk-mami.ru          | tsareva.i@zmk-mami.ru         | 078ae223
  diapazon.ru          | el@diapazon.ru                | dscjnf
  rasa.pro             | info@rasa.pro                 | ybeewwt
  future-tech.ru       | deryabina.m@future-tech.ru    | maria1999
  roli.ho.ua           | yliana_kostiuk@roli.ho.ua     | yuliana19
  basemarket.ru        | admin                         | (none)
  ro.trackitonline.ru  | rotaru@ro.trackitonline.ru    | Iubics2018%
  trackitonline.ru     | rotaru                        | Iubics2018%
  trackitonline.ru     | ro                            | Iubics2018%

Targets

    • Contacts a large (688) amount of remote hosts: this may indicate a network scan to discover remotely running services.
    • UPX packed file: detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
