General
Target: 04072024_0303_03072024_Message_20240703082651_snippa.zip
Size: 2.0MB
Sample: 240704-dkcd6s1dlp
MD5: d4d9594bc1e7aff27a623c4972620712
SHA1: eb8a4ed87a990e2487ebe1fe9fc0a350472c4542
SHA256: 457f35de1b15d62282ce17e1d53b2df1a6cea43e1f139012bec66cd5bcc871b9
SHA512: a6da9e21aa616b608f392ef3db136578411368002655b543f834b0f29229ed0209dc9272c97c22fb43ed5ddcbc0a8bd9d725e886750661a4704b0e6b8b26085c
SSDEEP: 49152:qvorjcKgbQR6HJ6yO8iAF5RwO+gvZ1PnYa76eD+Ah8FyexdnICOh84j+EKRT:ljcfER6e875KMvzPRbvKyCOm4ibRT
Static task: static1
Behavioral task: behavioral1
Sample: Message_20240703082651_snippa/Message_20240703082651_snippa.wav.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: Message_20240703082651_snippa/Message_20240703082651_snippa.wav.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
stealerium
https://discord.com/api/webhooks/1257666720059883600/GpvO8nlJrX2Jfw18M2Dv1On2EhjpqEV6IdGUgDeaq1dyExXmT-HJ2LXpbfIs34JU1GkX
Targets
Target: Message_20240703082651_snippa/Message_20240703082651_snippa.wav.exe
Size: 2.2MB
MD5: b862a2b99c3968173b3de780bd696027
SHA1: 7531769525187639f1530b42f221ad1a9b189a8f
SHA256: e600f4c6b7476c6a87f2cb342b46e0e7b96790c2b25448af030e866b71f2b4b6
SHA512: 9bec24ed3dfdb71c8433a8fb2923423c543554e484b77c7a15c344e66d2c840188e0e4f87582a32a00580df4e5cb89d62b54892d3f9b19a671bde668fff5fb8e
SSDEEP: 49152:cJuGb6/6D58MO8qA3hRg+Egv9LPb0S7CmeULsPy8x11eIwhmX6c:cJJW/6W8hheEvRPPP3cy6woX6
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext