General

  • Target

    v5 yssmrn_.zip

  • Size

    12.2MB

  • Sample

    240601-1a43rsfd4s

  • MD5

    c48d9ff09825403a0e173a79dd02be8b

  • SHA1

    d7f76992840a22e90181f9dbc74e780976ae8370

  • SHA256

    1461efb74e4b5d0fa92d9af956faf5f2b6255e23df217f8cfea9e292f3e381f4

  • SHA512

    1a8e089f57fa9a97147c9b4e1f3f80170c05502906853c10e2a2293e68e6168da3575db3d54ff78c78962a8ebab0a830dc6658666530f0b4c7c63f9afe3f3bba

  • SSDEEP

    393216:wYvQv0n0p5eIkD+CpHKyJJHcAqEXua29ZdCh:Hv3n0mIkD+EvJ8pZO

Malware Config

Targets

    • Target

      v5 yssmrn_/Requirements.bat

    • Size

      361B

    • MD5

      e7309225d0c6e6134067b04929026714

    • SHA1

      3bcb30f74b283a8828df828b6f37ac5e6cb7bde0

    • SHA256

      bd99282d58b56094bd827a74e3600acc9f49d9df5d7c64ed4ce34970720c96fc

    • SHA512

      724ac628b8f6e787d0a0ff0dac9103906e2d0e67eadc2cea073a22d92e013f2d8811ce3cd8acbaea0fb7ecf5bd0b0a60e39dee1e526e9c9e766822f83b4b35e2

    • Score

      1/10

    • Target

      v5 yssmrn_/v55.exe

    • Size

      12.3MB

    • MD5

      3db8c1ee14aa746c099481bdb31d36c5

    • SHA1

      ae94f11a184b2e55f1612f9b9901378fcd65e505

    • SHA256

      c932c8185582e062ff5c2bee4ac8fe390539325d0a432c91dba5a617cc8e9ebc

    • SHA512

      28de48ae12776662a0e458754cf3be00d9b31528ae66af30ea187959ee068cbe62693d9fa7c23309fdc15487d1e25801e05f37b561a0038f61988ab22a20fdcc

    • SSDEEP

      393216:ByKRk9incp/qc8zCInj0WkJbMUWWlQ845bzS:BpR/nc8c8zCYYJwDb

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
