General
- Target: 0x000100000002aefd-1508.exe
- Size: 18.6MB
- Sample: 240531-bbgw7agg7y
- MD5: be6f0314151c5b03773f14056eab8a01
- SHA1: 80f59a30e7fba47ee4d7a7322fff2bc636104a97
- SHA256: 2ab4beb5e8ca54126e673573be3b14addf4109b31d071f4cc8bac838856fd8cd
- SHA512: b7392d3aa8a28af7456726e269f0dcbf03afcca85d4bbf65b3318dc4110d62a45a7889edaf99917ac72baaf5a2dbcc2be8292164aa7e0045c1cbdf4485496bb2
- SSDEEP: 393216:4NEkULrpBcrouidQuslrfrAZYCuPJO8z19P2uDW8B3+d9vkegxG2J1:685BmotdQu4MJuxZz1RbW8BOd9vkzpJ1
Malware Config
Targets
- Target: 0x000100000002aefd-1508.exe
- Size: 18.6MB
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Modifies Windows Firewall
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.