General
- Target: MetaScalpSetup.exe
- Size: 129.8MB
- Sample: 240709-fqykpsxdnm
- MD5: 385b5b76e12c76c169bf7e3f6fa2c317
- SHA1: ea281a577b99a5f29d290aca30f4ca67945d7fcc
- SHA256: f6eb39b9b49c6ad5904d067c4845dfdd96cdccd4b979fad40af44cdc26992546
- SHA512: 9c99ca240732a95d4f1d373731179318d839b15286b41945eb465bc6b1c64f502c488811fff91b71137b59a64bcb503a87be93085a7f0509fe95bd77fcaf719c
- SSDEEP: 3145728:fOdRmy1fMkZCiZQr8iTps95xUJO5wUti1BEn6b8CQQ:2dQECiZQr8Ss94Mxi1gz7
Malware Config
Targets
Signatures (MetaScalpSetup.exe)
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext