General
- Target: WindowsProcessHandler.exe
- Size: 23.5MB
- Sample: 240608-npg6bsbc2t
- MD5: 1dc2a722e3bb25123922b7322beb3451
- SHA1: 4b095d5c49b0e2409c1ebc35193ae6f1458939db
- SHA256: ac333f7536d107ac4eed6e09e627bf44224333f51a37628eb8e87f5d85df6579
- SHA512: 42fcddade0848a29b2421b8e048f513edfa69408c1adc691c87c28d966e4cc6709937129b66255a23ea79c755325aa2a3c045401df3d6ebc9f064347cf7e1132
- SSDEEP: 393216:x6EkQLQ8Ogf8kRP8AxYD/1+TtIiFAuvB5IjWqJ6eclzmnbO6vYXUz+da:QYQdbkaXr1QtIPS3ILJ6ecyi6vj+da
Behavioral task behavioral1
- Sample: WindowsProcessHandler.exe
- Resource: win7-20240419-en

Behavioral task behavioral2
- Sample: WindowsProcessHandler.exe
- Resource: win10v2004-20240508-en

Behavioral task behavioral3
- Sample: blxstealer.pyc
- Resource: win7-20240221-en

Behavioral task behavioral4
- Sample: blxstealer.pyc
- Resource: win10v2004-20240508-en
Malware Config

Targets

Target: WindowsProcessHandler.exe
- Size: 23.5MB
- MD5: 1dc2a722e3bb25123922b7322beb3451
- SHA1: 4b095d5c49b0e2409c1ebc35193ae6f1458939db
- SHA256: ac333f7536d107ac4eed6e09e627bf44224333f51a37628eb8e87f5d85df6579
- SHA512: 42fcddade0848a29b2421b8e048f513edfa69408c1adc691c87c28d966e4cc6709937129b66255a23ea79c755325aa2a3c045401df3d6ebc9f064347cf7e1132
- SSDEEP: 393216:x6EkQLQ8Ogf8kRP8AxYD/1+TtIiFAuvB5IjWqJ6eclzmnbO6vYXUz+da:QYQdbkaXr1QtIPS3ILJ6ecyi6vj+da
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: blxstealer.pyc
- Size: 65KB
- MD5: 51ecf8f5fba0aeb23e48b8add0e49185
- SHA1: f6459096cc5256907bc6c1928a658112eb7a4841
- SHA256: 02bb136818b3521667b447c0e46369324cb92487298654e235900f0eb56cfe30
- SHA512: acfedbb6e2a5c8b667af5ae53e4b44ec0267dca1f7d7ac73e3468002993ec4c1091a6c807872d927b840a15c322346609176843f6df6a5a02cc3d0488df85ba1
- SSDEEP: 768:Mmd+ezrx+gRAwveI+aMXu1qFBoXwZukfyzbUbIknwEziuvfZS4/QmGVOwxAxxF3n:xdjzr7RAwMuHIyzI/ntPZS4/QmGCxbnX

Score: 3/10