General
Target: D-Delusion.rar
Size: 7.3MB
Sample: 240526-23ffjsgc87
MD5: e353afe3cc54217216ba4aba2e7bd777
SHA1: 3259b7cd72bb864ec14494ce956cb11f6af5ad28
SHA256: f9e0409810ad0093917c0006420bb5a051ec19949c7128296192a04a93f85794
SHA512: 0ea0521e4b1b7b10709fccecefd743553d87105b761c4a69933999741f2c7a7fdfe2bf0c181576bb613ad927a2cc7c75b891b7d1498f2d9e690e64c881caf3cd
SSDEEP: 196608:YgiA4i1xM0WIwaLCeowJUyux6gFNWgRobvfDZM:xki1WCLCX8HskgmjZM
Behavioral task: behavioral1
Sample: D-Delusion/Delusion.exe
Resource: win10-20240404-en
Malware Config
Targets
Target: D-Delusion/Delusion.exe
Size: 7.5MB
MD5: f8c63eca8b26883c30d2240008b07150
SHA1: ccfe5cf24b93114ceb5eca37d9412d3d5c9abd51
SHA256: 1bbd2b8817ad1726c8bcc7a13611164010bf04f70527e0bc61c2e408c23330f4
SHA512: 8b8f31931bc58dbefbaf74ca6072cdc91993eb5bfc2a683725939e44d935a5af53bf61a1fcfba4b061c362ad51b9efc45adffb94344cbf3806595272848d7f70
SSDEEP: 196608:ar97YS6Kc5OshoKMuIkhVastRL5Di3uh1D7J9:CYS85OshouIkPftRL54YRJ9
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.