General
Target: a190d0b27496535d769fcefad1c9cd7ccb95f0a8b31420d56a0fb04ee296e729
Size: 2.4MB
Sample: 240709-gtywbasajc
MD5: dc6d0e94da95046ac49210eb69d07f3a
SHA1: b4eafd79759bbf40a1205f2d523a0820c434d4f4
SHA256: a190d0b27496535d769fcefad1c9cd7ccb95f0a8b31420d56a0fb04ee296e729
SHA512: 98ed20e3ea7eaf0e03415a319a2e705df07be86cb6c9323936ead95961819f300861dbac59446b2c79ab28dd354b150bc1aa5f835c135dbfa2d0347b3e24bc24
SSDEEP: 49152:kx6msz9jU7CmI3hqFHGiAX3wv//EJQQ/6lUyiMcIzC0+bS+2lV0:RZUGmIxqFHiX3w8JQU6lUdMxzL+bS+2+
Static task: static1
Behavioral task: behavioral1
Sample: 43fefcf79068cf7cb0b45426f60c89eb92943c652be486e9b9ecd7d5b92ce282.exe
Resource: win7-20240705-en
Malware Config
Extracted
stealc
Nice
http://85.28.47.30
url_path: /920475a59bac849d.php
Targets
Target: 43fefcf79068cf7cb0b45426f60c89eb92943c652be486e9b9ecd7d5b92ce282.exe
Size: 2.4MB
MD5: b618c6daef256eeded4cc8c92b5f7110
SHA1: f4775fb13f91ac4dede2f2bd24bb0170851923e7
SHA256: 43fefcf79068cf7cb0b45426f60c89eb92943c652be486e9b9ecd7d5b92ce282
SHA512: 27b526f5f821dc74f1a555795a14c74e5532898681dfebc4ddc08df334fccd60feea931e9db038056df28a509cfc813cd281db3ad382072d52aaae57ecc0f2e6
SSDEEP: 49152:HIChsgHpNPYI9N/DsLps9bOULnDs4g3kGh8haNZ+OmFIYk4xO:oZgHTwI9N/oL8Osn9pGIaf+qY5
Downloads MZ/PE file
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger