Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    29.exe

  • Size

    319KB

  • Sample

    240719-p3zg7ssark

  • MD5

    e8e59836a0fe2dfebcbde148711b5d56

  • SHA1

    cd8fbf0dcdd429c06c80b124caf574334504e99a

  • SHA256

    2960a2d4d2fd6b7b85b8e3ea4c86ec0c13b93bfd3754a7e772a2c74f564b0009

  • SHA512

    0d0673c64f9e9e1c75e10ce6d02c4b5530831d1659ada88acf951e2bcbd56c38f0c59674b3eb7837fd882b23499eb350f2925fd67d3fdf51992d9a4312a02309

  • SSDEEP

    6144:CZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6BJXCcOS8W78U2kGHF4143nip:kANwRo+mv8QD4+0V167XDOSDN2JF41me

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    9b0P96R6nBreNQrU3Cte

Targets

    • Target

      29.exe

    • Size

      319KB

    • MD5

      e8e59836a0fe2dfebcbde148711b5d56

    • SHA1

      cd8fbf0dcdd429c06c80b124caf574334504e99a

    • SHA256

      2960a2d4d2fd6b7b85b8e3ea4c86ec0c13b93bfd3754a7e772a2c74f564b0009

    • SHA512

      0d0673c64f9e9e1c75e10ce6d02c4b5530831d1659ada88acf951e2bcbd56c38f0c59674b3eb7837fd882b23499eb350f2925fd67d3fdf51992d9a4312a02309

    • SSDEEP

      6144:CZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6BJXCcOS8W78U2kGHF4143nip:kANwRo+mv8QD4+0V167XDOSDN2JF41me

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

MITRE ATT&CK Enterprise v15

Tasks