Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ChilkatDotNet46.dll

windows10-1703-x64

1

SQLiDumper.exe

windows10-1703-x64

7

SkinSoft.V...er.dll

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SQLi Dumper v10.3.zip

  • Size

    5.9MB

  • Sample

    240809-m6bt7stenb

  • MD5

    22758f8cfc5ffe344d719989deb22b2d

  • SHA1

    165dae9c975b51c16c917a9e82953b45a17b8dc1

  • SHA256

    86f473960c2617db753c9ee8ef97fef685e7cd3e9c5eb6071f90ea6f5efc2fed

  • SHA512

    8e2584fbf1404939ebfd4207f030c4995ae7da3dd933765fefb7ddc4b5fa9265fa84bdd9a252b35ce7f2716e23bda6adc9bd540f04ba3c167aab97ee93ac45dd

  • SSDEEP

    98304:3SypHC9MozPI+xq/NBoMWEFKNRuBku6P1VIZYSApjJ9w+WQjKrewU6irlw1eIzn9:C9zPIheMWzRu16tVkqwHQjQe+ipw1jZj

Score
7/10

Malware Config

Targets

    • Target

      ChilkatDotNet46.dll

    • Size

      8.3MB

    • MD5

      c347b978db64c5b0922fdb620a30a757

    • SHA1

      765a35848098e689b6305ca04b4fbc3d1eeadafb

    • SHA256

      fa3a167968be8adfd68b88bf303efc8f71e895366bf9297679988549534a8895

    • SHA512

      d251aec584f51a9c6826a34c2f9c5eda8c86af5895a842788011947def74260c90c4ee119f538a906c08851434c8ef5a5b753a3a09e4af90180dfc87aafb672b

    • SSDEEP

      196608:BRYEFLWbcypvso0iHPWwvou67ceICkTT6Sd:BRYEFLWbXpV3HPWIou67ceILT

    Score
    1/10
    behavioral1

    • Target

      SQLiDumper.exe

    • Size

      3.0MB

    • MD5

      51d248a502a9cad01f3185bac732b44c

    • SHA1

      64767eff622a8702e8e0667aa5dacbe5d7e5e636

    • SHA256

      1dbe61f396d7158dde8547413be29925ed8b835c53377572a790139b32a0dad4

    • SHA512

      2be44bb32bedaf99c94dda1fef05f6171fe941694e933fe9a6a8783e26cbac624abf6824e3078e794212decebc99f67b934ede5527025f0f43673bc47bcd0ba4

    • SSDEEP

      49152:ERPWp+EohWYomvrvevULQVXltdtE/UlDsTW:ERPo5ohWYvrveveQtTTeU

    Score
    7/10

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral2

    • Target

      SkinSoft.VisualStyler.dll

    • Size

      1004KB

    • MD5

      d93366374b57b5a0fe3a1a8a1ca95f78

    • SHA1

      e35d56efef3462897893f5a305f404a88ceefcc6

    • SHA256

      14f231441dad16ef046ab97415c33195056a61b0240d7d890971e5f626068925

    • SHA512

      782380533dfaf734a669e52ff7fdee64714c3ba354f24823c8b232b4af18631e237beba48e6d3ad0f5959dac5c82f93021e4923fd65be30834ffaacb14e25eb0

    • SSDEEP

      12288:QLAItcbSuKgHKeBHLoH/WhMcPu/Vs7hIRPulgC+:05OuuKgHKUHLoHUMcPMVs4EW

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks