General
Target: ec67c4df6a461603570002dc32e44737d9d1955e1a3a4327234065df77877658
Size: 340KB
Sample: 240604-fly1nsed84
MD5: 431444f8fe7c054ac3a850c2cb936923
SHA1: 31d4a9608b05dacc3d169180f59c41fb478052ca
SHA256: ec67c4df6a461603570002dc32e44737d9d1955e1a3a4327234065df77877658
SHA512: 491b14005a328908e1de43f40eb10553c3edaaa167b418ded60b4d55bd2ce09fbc997d0359a467c3e926cd8daba10ac07429d39964834b568d61a4e27165ea6c
SSDEEP: 6144:GLuQkUenOUWEgPq3CEGSsfXL2hEGzGsXp:GKQkLKEgN1RXLWDSK
Static task: static1
Behavioral task: behavioral1
Sample: ec67c4df6a461603570002dc32e44737d9d1955e1a3a4327234065df77877658.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
stealc
default12
http://185.172.128.170
url_path: /7043a0c6a68d9c65.php
Targets
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.