General
-
Target
Built.exe
-
Size
7.4MB
-
Sample
240529-w12ccadh97
-
MD5
3e977af8a7c8d4f82b2cb16f8d3fc1ba
-
SHA1
0611bead6cae064efa04f4bfd5ae1b163fee558a
-
SHA256
e77a62c0b466b2e6893b27ad4d1c9773e3591a65c2dee61e0e9d22415976b63c
-
SHA512
0775b8dbadd11f4e0ce86e5dd4e8c94579b6315a895b8aa1475516d21726fe4825b90b692a8931b34be30bd469a9e585235f001eff39007c382200145db12f57
-
SSDEEP
196608:crt60cDeaLjv+bhqNVoBKUh8mz4Iv9Plu1D7AH:gieuL+9qz8/b4IzuRAH
Malware Config
Targets
-
-
Target
Built.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-