General
-
Target
installer.exe
-
Size
16.3MB
-
Sample
240710-vvka7szdkr
-
MD5
75b2f3ba60fe0c078e5d7296eec68c08
-
SHA1
4f210ccdac03cab510700cb1647b4ed231507df9
-
SHA256
48334de0444dd96926c17691c1e0ff236c09d347efacd5722855688f70983d4d
-
SHA512
94ef8702922bd51cb1e1ee5608e7a2a84475278b732dbb8a3d2d4a6c215c7b53f24df71f7d94749cf9c667b96c0a63fdae1b51c147be937c3db5be0c123a173a
-
SSDEEP
393216:Su7L/O127kRhQfuwW+eGQRg93iObLRS/MLZ8tGIoCSAyFZO:SCL2DTQmwW+e5R49nR9FK8x
Behavioral task
behavioral1
Sample
installer.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
installer.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
cstealer.pyc
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
cstealer.pyc
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
installer.exe
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Target
cstealer.pyc
-
Size
75KB
-
MD5
44d80709f492610a377eafff857aa413
-
SHA1
91e53c38437797bd7e0ae5bb45a3e03144c4ec21
-
SHA256
2312b7c1b6704e66d44d44971fed7492d2fa9655009e3cc00c6a7a79e59d8c53
-
SHA512
b3b42555de7648aa4a1d6dfc94ae0503964913af7baa9528b623e5f9991a560734d43b9c88608a3cca5f13c507debfd4711951230d2932933d981b7c0b31f0d0
-
SSDEEP
1536:DvIiOtbI3vkwsJlYaa2Is8qRai+jjV6P4grrRheEX:DvQ29t2Is8HdgP4grrRnX
-
Score
3/10