Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Crusher.zip
-
Size
20.8MB
-
Sample
240629-zha9zswbjf
-
MD5
05c3c22bcf1e3132fa613060371f14aa
-
SHA1
812828415b9b83f4f24584dc19aa44c78394e459
-
SHA256
a799783600bfc7c93074b7eace12f1ba2aed930e2beb67388e5b2158fe0b5ef6
-
SHA512
b6f8004ef7800f4fb847bc5f1dfa4cef2df9039d3644c429499e1dacaef6a278cd78fc4ae6df613bfe64852977412cafd607c79c9306e369f8e9e79c5aa325c3
-
SSDEEP
393216:zun/86YQXECB1405XVMPxzNc8+M8FOKfefC1Cpjg5gkWk4tuJ:i/86YFO1b5XVMjLh8FP2p0nituJ
Malware Config
Targets
-
-
Target
Crusher.bat
-
Size
122B
-
MD5
e731ae3239030d9b1b59736da83678a0
-
SHA1
575add90f5dd29ca3821a809ef74be05cf12ecd8
-
SHA256
491e86387d7e5e677f1122851e92f19b6723f3772437fbf906e6b1fe8aa49967
-
SHA512
a0870ca77222301c817e7dd2a750ebb2aad9169544993a1e4541d4d638a448c67b6b9f1b0f20fa4728e2a1b28912bc682a04750355c1a3a8e285ed91c424f4a3
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
freddurstpayload.bat
-
Size
796B
-
MD5
fda90e4c5a003ed7bf37e3c512149769
-
SHA1
2d4cf75ab93ea71bea58b79da6e5d6a8e228f20c
-
SHA256
1c3dee110048993597620155de179558f7121ada6390d843cb7d33a5dd26887a
-
SHA512
f05def505afc994d7200d14d50d4cf1b8d741ce408638b448220cd663f2c562f36f39676b352b2fd898104ef0e0df6833e8f44dbbb4be6488d2f29463b5726ce
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
-
-
Target
laughpayload.bat
-
Size
100B
-
MD5
3bada8849c3a612980f0b6f75b630787
-
SHA1
1fb4f4b180537af49eecd70ea023eb01f328f6d1
-
SHA256
b708fdb7f8d91672db22da4909e74743571865ef48258be5722fe26a9a35004a
-
SHA512
d70906d40be86e787a020a833511a763ccb8b428f737e44452093538bde3b3c239ca64c03495f7511ee8714c6aa1ca98d6a83f7bac5f141e5c7f6b0428acf1bc
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
lol.vbs
-
Size
49B
-
MD5
25e67535e2b9f4034acd6827fbbbbfb2
-
SHA1
8053317618ab02a53b10392f6bef4eae9b81b081
-
SHA256
f01b352b825ae951eafb6053776487f715661c373db34c2d50ed9984b6002b4f
-
SHA512
8314ad309515e3d4d1f0ec96ca08e17f9e37a04b3d0140e35d8f2f7352c82d677d26c149c56f9c4983f101d58c0255b28df0659687e98e78aa6cf2dfb4812226
Score1/10 -
-
-
Target
nircmd.exe
-
Size
45KB
-
MD5
9cc3c07ac4b98cfaa826d10a48888bf6
-
SHA1
c5967b86ef51a4bb5d6f4f2740a32a9c38fad91c
-
SHA256
cf29b37e1ff595120c23245a6e43a15c5c7bf3e59f0f675456b255d402f4bae7
-
SHA512
273d1a1eb13e52779d9d7942d09468626d440c66bd4504ed505c4f7d41a40ec7c12612468ed2450d293556d146174393b87a3b5d9db2101e7706c2ab741932a3
-
SSDEEP
768:XOW/mNg68vR3jU0w5N6DdM7aUsz+F2ZxJIwyZxCnogLIerQcRs842trMrvp89:Xn2gl3jBwaR5Uh0yxCzFs5zp8
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
windowpayload.bat
-
Size
95B
-
MD5
e916c6a199e53fb7a8926b74aba02a73
-
SHA1
d9b06666d647e57df25d5aaa34c0b2449a68cc7e
-
SHA256
ccf335b3e5ddecc653338dfb68bf7c81062ba2b189c2e821775967590293bba1
-
SHA512
1918f8ea547390d43257c52d70275b5e438b0b0695afd381c59910efc5d2fa4f99ba29c248579c9a6eec8f8490cf4f5b025c0e827fd78a5317f60558a0de615b
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-