General
-
Target
Tria.gay.exe
-
Size
629KB
-
Sample
240508-j27vasdd53
-
MD5
b3cea39c19b4c87e9a4e5400fa5c9c48
-
SHA1
d08516f598618d5d01f4ca0f536e1c946fe6bfec
-
SHA256
c41bbd9aeb765015231cb1b05de9ef13fba577877a226817cfad9bfeebe8fc5a
-
SHA512
322e324f2fe98ab272e92cb2663b16e20db7b61a1a170e2eb1c31b0ff9bf17d1c9a6e66819bd628d9611b6ed23be2e353b465f9bb7c9662252c5a49126c1dc6d
-
SSDEEP
12288:0CQjgAtAHM+vetZxF5EWry8AJGy0Aq2aQOyfHrJnU44:05ZWs+OZVEWry8AFu2aQvfHmR
Static task
static1
Behavioral task
behavioral1
Sample
Tria.gay.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
Tria.gay.exe
Resource
win10-20240404-en
Malware Config
Extracted
discordrat
-
discord_token
MTIzNDcyMDk2NjIzNjU3MzgwNg.GAgMA7.5Fr2VglBtzELzBN5jTv1isgkXurp9_3fiYShzU
-
server_id
1235156619520901140
Targets
-
-
Target
Tria.gay.exe
-
Size
629KB
-
MD5
b3cea39c19b4c87e9a4e5400fa5c9c48
-
SHA1
d08516f598618d5d01f4ca0f536e1c946fe6bfec
-
SHA256
c41bbd9aeb765015231cb1b05de9ef13fba577877a226817cfad9bfeebe8fc5a
-
SHA512
322e324f2fe98ab272e92cb2663b16e20db7b61a1a170e2eb1c31b0ff9bf17d1c9a6e66819bd628d9611b6ed23be2e353b465f9bb7c9662252c5a49126c1dc6d
-
SSDEEP
12288:0CQjgAtAHM+vetZxF5EWry8AJGy0Aq2aQOyfHrJnU44:05ZWs+OZVEWry8AFu2aQvfHmR
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-