Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Loader.exe

windows7-x64

7

Loader.exe

windows10-2004-x64

8

Builder.pyc

windows7-x64

3

Builder.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.exe

  • Size

    52.6MB

  • Sample

    240523-rtqj2sec61

  • MD5

    b37c85a609a3a9927fb52a185ba1ea4e

  • SHA1

    1cab5544c2c0e7eeeb7bec84c7a83fd2a9739914

  • SHA256

    e443fc596e951b82a800ebebf6d8ceb73c8ebd49d79e27891e7fe0e03d9eae59

  • SHA512

    2f58378573e8c90db68153ac3f1315636089c445dfb6405995e3d3f18923656e8381a201d051fa717942a9e18b3d33b77cb53929276491c87e8ea3524a332761

  • SSDEEP

    1572864:HSwHnqf3Gd6xdnj+YV5sz4+wE7fzqre0KAx:HSOnyo6VVN+poVx

Score
8/10
executionspywarestealerupx

Malware Config

Targets

    • Target

      Loader.exe

    • Size

      52.6MB

    • MD5

      b37c85a609a3a9927fb52a185ba1ea4e

    • SHA1

      1cab5544c2c0e7eeeb7bec84c7a83fd2a9739914

    • SHA256

      e443fc596e951b82a800ebebf6d8ceb73c8ebd49d79e27891e7fe0e03d9eae59

    • SHA512

      2f58378573e8c90db68153ac3f1315636089c445dfb6405995e3d3f18923656e8381a201d051fa717942a9e18b3d33b77cb53929276491c87e8ea3524a332761

    • SSDEEP

      1572864:HSwHnqf3Gd6xdnj+YV5sz4+wE7fzqre0KAx:HSOnyo6VVN+poVx

    Score
    8/10
    upxexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      Builder.pyc

    • Size

      261KB

    • MD5

      88e7c431909e81ba2277549fc723c330

    • SHA1

      cb56b68d13499c3918892f4edfbe3dfaa4de68d0

    • SHA256

      8a8c154099668d750b23d09c398594572501382ac28c1605d164f7b745dbf499

    • SHA512

      3fc3b4a9d7ceab2b4fd8855c5b05fe9df3add797ef3fa9b44e0c7ff03162358cfd1ce356e352f7cb4a89099b3bfd6f58103b53656b856daef5d5a4aeb03dcd31

    • SSDEEP

      3072:6zDI4ykuQA8BnPZ05DTvtIM/zQ8J7sdd3:ixykuL8BnPW5nFIMrQ8Jwdp

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks