Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Built.exe
-
Size
6.8MB
-
Sample
240706-bvsg2a1hlj
-
MD5
e804e063514ead0c7a9b984414798123
-
SHA1
7fddff7ae8b6edcefd919cae4130f8ebd8150c16
-
SHA256
5d75e738b9c615b8a141a98b7dcd9dfa697567f95572f1269b4cd773aea48563
-
SHA512
f7d617c2ac414fe90b3dba9750cfb167bbca140fb86a89ac827a153cad29011790a8492e95e49dbcb9e72cce8b6df092da1689240dbcf93bd296e218df1d5cf2
-
SSDEEP
196608:qrJ8V17B6ylnlPzf+JiJCsmFMvNn6hVvTz:lBRlnlPSa7mmvN+rz
Malware Config
Targets
-
-
Target
Built.exe
-
Size
6.8MB
-
MD5
e804e063514ead0c7a9b984414798123
-
SHA1
7fddff7ae8b6edcefd919cae4130f8ebd8150c16
-
SHA256
5d75e738b9c615b8a141a98b7dcd9dfa697567f95572f1269b4cd773aea48563
-
SHA512
f7d617c2ac414fe90b3dba9750cfb167bbca140fb86a89ac827a153cad29011790a8492e95e49dbcb9e72cce8b6df092da1689240dbcf93bd296e218df1d5cf2
-
SSDEEP
196608:qrJ8V17B6ylnlPzf+JiJCsmFMvNn6hVvTz:lBRlnlPSa7mmvN+rz
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-