General
Target: 01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1
Size: 373KB
Sample: 240516-mts8qagg7v
MD5: 6646ce0700d19a7de14da68ee446ba30
SHA1: 38b511346413c74967eeca1a0c50cf084c7e6d8c
SHA256: 01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1
SHA512: fab4269cea37ed76ca9e29145fc7c1d3b69e4ac38318026c93e8c47a564ac307d17a4b73cb1cebddbf5106abb7165ae2aac622d8aa22c287a4b48b7f0b05c8c2
SSDEEP: 6144:GdiHaAVjjHTJvO5rWNmgKlJcB9BRcCwJJxDOejznC3lP6v2sbnz533+S9I:skaAVjL9vO5UmgGJc9KywnCJsbn8S9I
Static task: static1
Behavioral task: behavioral1
  Sample: 01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: 01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1.exe
  Resource: win11-20240508-en
Malware Config
Extracted
Family: stealc
Botnet: default100
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Target: 01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1
Size: 373KB
MD5: 6646ce0700d19a7de14da68ee446ba30
SHA1: 38b511346413c74967eeca1a0c50cf084c7e6d8c
SHA256: 01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1
SHA512: fab4269cea37ed76ca9e29145fc7c1d3b69e4ac38318026c93e8c47a564ac307d17a4b73cb1cebddbf5106abb7165ae2aac622d8aa22c287a4b48b7f0b05c8c2
SSDEEP: 6144:GdiHaAVjjHTJvO5rWNmgKlJcB9BRcCwJJxDOejznC3lP6v2sbnz533+S9I:skaAVjL9vO5UmgGJc9KywnCJsbn8S9I
Score: 10/10
Signatures:
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.