General
Target: d81a4a8069199cb989351fb3053f47dd97027446886cb2b0044fef773749a81b
Size: 2.4MB
Sample: 240711-2l28zsxepn
MD5: 064e974ce49d5244b3ff3722f5f3c27c
SHA1: 32e71c4cc3bf1fdc09e20ca38b9354cc0e71d102
SHA256: d81a4a8069199cb989351fb3053f47dd97027446886cb2b0044fef773749a81b
SHA512: d6c619ee0b85e6fa0840830662595a3c1f18ee03c972a21cbaebc5db423a3dd2c2f8dd981f7e18ee97b0d7826734f49d13a95da4e3b9b7fb8049aae19a05cc4c
SSDEEP: 49152:1jVC8nkD0S3zwrsXr6YkGpbAH/FwhuvBscwidRkTfRl6lir:1jODwrsXrNVAlwPTS4
Static task: static1
Behavioral task: behavioral1
Sample: d81a4a8069199cb989351fb3053f47dd97027446886cb2b0044fef773749a81b.exe
Resource: win7-20240705-en
Malware Config
Extracted
Family: stealc
Botnet: hate
C2: http://85.28.47.30
url_path: /920475a59bac849d.php
Targets
Target: d81a4a8069199cb989351fb3053f47dd97027446886cb2b0044fef773749a81b
Size: 2.4MB
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops a debugger from receiving events for that thread; a common anti-analysis check.
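The extracted Stealc configuration above (C2 host plus gate script path) is the most actionable part of this report for a defender. The following is an added example, not code from tria.ge or from this report, showing how to turn that configuration into matchable indicators and run them over web-proxy log lines. The log format (timestamp, source IP, method, URL, status) and every log line are constructed for the example; the `/some_module.dll` path is a placeholder for any other request to the same host and does not come from the report.

```python
"""Turn the extracted Stealc config into IOCs and match them against proxy logs.

Added example. Only the family, botnet ID, C2 and url_path values come from the
report; the log format and the log lines below are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Values as extracted by the sandbox (see "Malware Config" above).
EXTRACTED_CONFIG = {
    "family": "stealc",
    "botnet": "hate",
    "c2": ["http://85.28.47.30"],
    "url_path": "/920475a59bac849d.php",
}


@dataclass(frozen=True)
class Ioc:
    host: str   # C2 host, compared without any port
    path: str   # gate script path the stealer POSTs to
    url: str    # full gate URL, handy for blocklists and tickets


def iocs_from_config(cfg: dict) -> list[Ioc]:
    """Build one Ioc per C2 entry; the url_path is shared across all C2s."""
    iocs = []
    for c2 in cfg["c2"]:
        parts = urlsplit(c2)
        if parts.hostname is None:
            continue  # malformed C2 entry, skip rather than crash the pipeline
        iocs.append(Ioc(
            host=parts.hostname,
            path=cfg["url_path"],
            url=f"{parts.scheme}://{parts.netloc}{cfg['url_path']}",
        ))
    return iocs


# Constructed proxy log format: <ts> <src_ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify(url: str, iocs: list[Ioc]) -> str | None:
    """Return 'c2-gate' for a hit on the exact gate path, 'c2-host' for any
    other request to the C2 host (e.g. follow-on module/DLL downloads, which the
    'Downloads MZ/PE file' signature hints at), or None for no match.

    hostname comparison deliberately ignores the port so that a C2 that moves
    to http://85.28.47.30:8080/... still matches.
    """
    parts = urlsplit(url)
    for ioc in iocs:
        if parts.hostname != ioc.host:
            continue
        return "c2-gate" if parts.path == ioc.path else "c2-host"
    return None


def match_logs(lines: list[str], iocs: list[Ioc]) -> list[dict]:
    """Run the IOCs over log lines; unparsable lines are skipped, not fatal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify(m["url"], iocs)
        if verdict is not None:
            hits.append({"ts": m["ts"], "src": m["src"],
                         "verdict": verdict, "url": m["url"]})
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOGS = [
    "2024-07-11T20:12:01Z 10.0.0.12 POST http://85.28.47.30/920475a59bac849d.php 200",
    "2024-07-11T20:12:05Z 10.0.0.12 GET http://85.28.47.30/some_module.dll 200",
    "2024-07-11T20:13:00Z 10.0.0.20 GET http://example.com/index.html 200",
    "2024-07-11T20:14:00Z 10.0.0.12 POST http://85.28.47.30:8080/920475a59bac849d.php 200",
    "not a log line",
]

if __name__ == "__main__":
    iocs = iocs_from_config(EXTRACTED_CONFIG)
    for ioc in iocs:
        print("IOC:", ioc.url)
    for hit in match_logs(SAMPLE_LOGS, iocs):
        print(f"{hit['ts']} {hit['src']} {hit['verdict']:8} {hit['url']}")
```

A host-only hit ("c2-host") is worth keeping separate from a gate hit: the gate path is the high-confidence indicator, while other requests to the same IP show what else the infected host pulled down and may rotate between samples.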