General
- Target: emblemhubexternal.exe
- Size: 7.4MB
- Sample: 240513-n7gyaadf7t
- MD5: a3d7ee1dbd187c9366ded19c8bdd655b
- SHA1: 38ad1fbbadac02758eb1b4e870426334917a7b31
- SHA256: 19583b8506d04cf7c5b2e60141b372486457043bee81104daa28f6f4d4b56200
- SHA512: 9f2efb3769c0cf1d2f6bb2262a5e1d4f7bcdd21843e7ea50f50deb3c54135201efe29d730c3fda96af873a0394281e32727c11fe145010eeedfe5a095e80c309
- SSDEEP: 196608:br9n0cDe1ULjv+bhqNVoBKUh8mz4Iv9Plu1D7A6:qieWL+9qz8/b4IzuRA6
Behavioral tasks
- behavioral1: emblemhubexternal.exe (resource: win7-20240221-en)
- behavioral2: emblemhubexternal.exe (resource: win10v2004-20240426-en)
- behavioral3: g�KYJ�'.pyc (resource: win7-20240508-en)
- behavioral4: g�KYJ�'.pyc (resource: win10v2004-20240426-en)
Malware Config
Targets
Target: emblemhubexternal.exe
Signatures:
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
Target: g�KYJ�'.pyc
- Size: 1KB
- MD5: c5d7f23a40fc165c2e2a3827ff52272d
- SHA1: c4318e3d299a672ba1d30c212ae7e096a600a435
- SHA256: b9546ec143531fa4c98dba41775871d0f336bcd10430f596678d17296f44b5a9
- SHA512: acea012a22024c8b60368102b11a51f1c39de33d317940f389a0501a1384746e3954bdff8c61aaced579686a8ed35b1f2842762ee4494e6ecd7c434871fcf44f
- Score: 1/10