General
-
Target
Cheats.exe
-
Size
1.8MB
-
Sample
240629-s6cpdstdjk
-
MD5
4f40fe592b8c8dde38b0e56d1c987060
-
SHA1
73d386dddf6d9aa2ba7347b54d7adb370e35163e
-
SHA256
399350fa770109605394a96f46edd77f1b3895f8b1ea435c34240a0d40c10b76
-
SHA512
3c7ae1bc65ca98312e3798f5d41942208e7d3a0bff950ad262b7d63a2c46f485e16aa5e2427896e712ee38dac2815a8e8e6d3a8919a04ef21395adfec65d1e40
-
SSDEEP
24576:4HnYUXRQmcVNit/+nmGSbhn1s6zUwY4x2FiZlD+DnX7gSf:4HYUXGvbmGSbh1s69YbFifyjcSf
Static task
static1
Behavioral task
behavioral1
Sample
Cheats.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Cheats.exe
Resource
win7-20240419-en
Behavioral task
behavioral3
Sample
Cheats.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Cheats.exe
Resource
win11-20240611-en
Malware Config
Targets
Target
Cheats.exe
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)