Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
11c051782c327c662507801124f0b95b.bin
-
Size
94KB
-
Sample
240801-bddybashjj
-
MD5
6a33420d1a8c3fdd7418684edc85a694
-
SHA1
dce4164e20b7de68db2d85db604f526d29dc1311
-
SHA256
ca5f2afbc695fa6bfd7a850cd22222520df498ef1e2eb2c6e535798987eb8ed1
-
SHA512
0cfbe6c427500a1a4cbe2a3f7ce548c8291272d2816d338182acce3cbf8daf094221790943293d3b677b3437240373ef42920013a7f6baf6e64c15e03b036b43
-
SSDEEP
1536:7GKK7XF5Es+G3MMT7ct7ei4s80ljbjyBdiuffVevCvW9SC6gI0kG2Rgc9AhlbBxU:7GjMa3ffcz4HCciufQai3KGxj3xUH
Malware Config
Extracted
C:\d093fD6aI.README.txt
https://coinatmradar.com
https://www.moonpay.com/buy
https://tox.chat/download.html
Targets
-
-
Target
3c13ae9a53b29849fd3bb75d3259a23658cd687441f8bdd610487007c51d2eac.exe
-
Size
147KB
-
MD5
11c051782c327c662507801124f0b95b
-
SHA1
5dd92a1ab1cfc5b73b5dcdb3edd6ea6d498339df
-
SHA256
3c13ae9a53b29849fd3bb75d3259a23658cd687441f8bdd610487007c51d2eac
-
SHA512
239f6eba567c59cf956e4f6c8ffe6588bb2b16ede03e939f79db69ae23631881285475f634780a40f94038035fb1329743c9b57c92a9690ec927f6d372d9ca2e
-
SSDEEP
1536:GzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDuc1UR7zBEDZhT+IhMjo9Uyz:9qJogYkcSNm9V7DJ1URfqVXmjo9T
Score10/10-
Renames multiple (337) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-