Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10source_prepared.exe
windows7-x64
7source_prepared.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3General
-
Target
source_prepared.exe
-
Size
30.1MB
-
Sample
240805-qjzjja1brd
-
MD5
b6c2d1f205433144fe1f63206a04e666
-
SHA1
e9afa12df6a9104b39e6e6d5a5b38dc6555bae48
-
SHA256
114880dba41978dd82378f3ca0ac0084c8c9f9e15d7a1d60743d513e5a891c7d
-
SHA512
d1cb998e72768cfcbe90a58430513db5955838536af48dbd913a444625b65ec84a659ff038998b4044caaaaa66a6122775ec6def6eac7bfca72f325bde34a900
-
SSDEEP
786432:R9Z9zpKGQokRG5cw7vDrzcY87hL9XUk4v/EW8A2c5BqK511YeIX9:Hvl9QokA5cw7vzE7n5zWYwqbeIX
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
30.1MB
-
MD5
b6c2d1f205433144fe1f63206a04e666
-
SHA1
e9afa12df6a9104b39e6e6d5a5b38dc6555bae48
-
SHA256
114880dba41978dd82378f3ca0ac0084c8c9f9e15d7a1d60743d513e5a891c7d
-
SHA512
d1cb998e72768cfcbe90a58430513db5955838536af48dbd913a444625b65ec84a659ff038998b4044caaaaa66a6122775ec6def6eac7bfca72f325bde34a900
-
SSDEEP
786432:R9Z9zpKGQokRG5cw7vDrzcY87hL9XUk4v/EW8A2c5BqK511YeIX9:Hvl9QokA5cw7vzE7n5zWYwqbeIX
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
8KB
-
MD5
05b1abcf2b8f1457cee0f078bdbb04f0
-
SHA1
ce070d54e1d54ffd6c4d96b616f21b7466a062c7
-
SHA256
2e82faaefa817254cf2a9d5149e3c36c04c3e09aca0bcc1a4e4fa894e137c1b1
-
SHA512
5af2746296f191af559639b1c5463993e8c4fb25ef945677142a6a02486e6670669eb5a5bdd4c163f1bdd8bd35a7bb8998bbf32e4d0fe9d35db379cf80159a57
-
SSDEEP
192:iQR8Lslmujbwybyo5HptlYwqJFD7U6r18ZPuNz:vNmcwcpt+D7Ua18uz
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
5KB
-
MD5
ab0f8084441f8312bffc9d26193967ab
-
SHA1
82b9c1c9cd1f5a38ac2b415a96c88ce99d27455a
-
SHA256
6f67d11524ed42b8990be66aed829232514b364746fdceea30e0213204427be4
-
SHA512
1722dfe7200b5f8fef0cfc4188953621630c7ee8672586490b9309a40512eb7f99fc56ffe52f6a0970809a38e3bdd8ce1862ba6803fe6d09bdfacda1b3fe1732
-
SSDEEP
96:4Q0jzMv/ppR+xVBcnqhLchLPxrpTkBWeBDFZcj3KldyzoZ:sSZYXPhYhLP12zij3KnyA
Score3/10 -
-
-
Target
misc.pyc
-
Size
2KB
-
MD5
5bff7de9304595611b9deeea55076bd3
-
SHA1
ae5fd2f3fbac4b0587140ab41b30c4d3da286c75
-
SHA256
39c73d32dce8fe34f56ca6fce56ae54ca99456c49fa04c949a45ca7d8e7355d9
-
SHA512
4cb8277d8c02380679bcc19ec6cba2dae37b24058116e08cfec30f95a158c1c3b45590c79665ace9abbeda277f1f39be1e806fd90c8dae9a3c44cd69d1157679
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
4KB
-
MD5
dbd5603fbc95768a5f3f45e6e1f7f109
-
SHA1
b1fa1a73c1e9e0ee63cccf5a81210a8aa39bf40a
-
SHA256
657361e158e5b5d76cf2b615d58c7c34de2d06d40f1c049c0757019fadab5e13
-
SHA512
310aabd4b5ef007faaaac149ea5b182c20eb3db2ea576e1039fc86d8ed5bb7e63b437d10c2c876ab40a0f9f7782dbfc5804d02cf12a0d74d9b1fe5b1a9a035d5
-
SSDEEP
96:4APDnTWeYwD86gWxS6679kZOyfkoXyWQUUEXtH0lLCvpW1mhs0:FzCUD/S6UyRkpoUEKlLz1m+0
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
56KB
-
MD5
d417cf2665ea7525a7a0230638613503
-
SHA1
33d0c1641810a0c91268cf9f62554d51700ff433
-
SHA256
df1224e9226f84a21fe70cd68313d88e01bcbbbd00684a65c6c9ffe5c1184359
-
SHA512
ae2cb60c031b391c787cfab468f7bbe46ec206ef48b990ae4745458f1df185853bd781bb89c714aa97af0239ce06f627f8a4cb30f4e2cca9dc6039bda97a02f0
-
SSDEEP
768:hRVKq+o/bNhUr+kqo+E7YbI1xr/1P36gzQ/yx55A9xSXBLLAvoDu3++HaR:hRvzM+tfEVxrtLzQ/yx5maXAvoYJW
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1