General

  • Target

    DDOS BOT.exe

  • Size

    6.6MB

  • Sample

    240630-ey2rnateqe

  • MD5

    c7eb903f2aee952fabb6eb81f176f791

  • SHA1

    a79bd76663c3baa6e344fae86a04d8d6650b3538

  • SHA256

    19a6200e0f088a75f42d07318dbb577ca8541cacd8836e1ac1623c190d80aaea

  • SHA512

    20b6043c19f76f10df06473c65a79de41984d11bf6bd5eb0b26226176623c7f2f0395d4898b81d423bce648ac095ca4126889f9c9c1f19f61255f1887b2ff8f2

  • SSDEEP

    196608:vIrAEtDOYbwtZVZibPpG2QdSE3zsH5nNo:wdtBbeYbhG2Q0As1No

Malware Config

Targets

    • Target

      DDOS BOT.exe

    • Size

      6.6MB

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command interpreter.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

    • Target

      ��4��gF.pyc

    • Size

      857B

    • MD5

      e5807e5ac1c511feb96a1d57f88cbe5a

    • SHA1

      71be3d67fd38b2d5184c382a12a164c97fb34bd9

    • SHA256

      e639d4c53e361897be30c6adceeb7957b2ddf6abc8e6781f20de5aaa73b52697

    • SHA512

      0375e04bdfe94c986049041455ddc3f71710cf54a51f0d05c42545e28a6b437eee28d79c6d49e6cff41ccd46573506d268ce0a5c09158e9caeb714e7e30171ec

    • Score

      1/10

MITRE ATT&CK Enterprise v15