General
-
Target
4d504bb989d53d0ac69b06091c2f8d573551dbd66e8823be4d7b52971d0b40fb
-
Size
2.6MB
-
Sample
240811-lybzkavbql
-
MD5
6d49594b78319443f5dd4b9fafddd353
-
SHA1
21fa69cafdc1dfcd1c23cedbd036769e6d60740f
-
SHA256
4d504bb989d53d0ac69b06091c2f8d573551dbd66e8823be4d7b52971d0b40fb
-
SHA512
be50969f7b2149283557d37d67cf6a75654610f506726c612dde781bd4cae36ba5166fe55e87df398992318ae0486f8773eb79cab4a679e822c7142b843d9129
-
SSDEEP
49152:f88YbbMB3dGaQxtrhqdAH/DcVfgikTFAYgYRgr5m7ff+jI7/SMH7Bdc:fTUG3dGvnqOfoJWAYgYAY2k7dtdc
Static task
static1
Behavioral task
behavioral1
Sample
Infatica P2B/infatica_agent.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Infatica P2B/infatica_agent.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Infatica P2B/unins000.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
Infatica P2B/unins000.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
Infatica P2B/infatica_agent.exe
-
Size
3.5MB
-
MD5
9012ee01a6f382cded63a3184d504bed
-
SHA1
d6f899531a38f0837d995f0acbc5e1538f69236e
-
SHA256
4f966328f131988979eb1401e9ef512836b35e79502877e00566a261b58409cb
-
SHA512
b77d368f3ee2dba23d5742ed0059bb308d1efb08836a7fbd9a310f9771c17797937b81fb57c230531ca22543e82ac0174b6a5876916050c1011f5878b7d325b4
-
SSDEEP
49152:XRs2r1IKqvQtRWme4s5LVc/fp18n5Igsxjq2iOIr+3r4ArUZ8:hs2SpyEme4fOTwq2iOLkQm8
Score 3/10
-
-
Target
Infatica P2B/unins000.exe
-
Size
1.1MB
-
MD5
0c083266eec7437ba0dfe44e451ab71f
-
SHA1
4754cda6c84cea49c6a1f0d79b2c42958de2c7e9
-
SHA256
d2dcf7ed0c656532ed25cd496ac237223985bb56cb688f125cbbf940ddb9c6bb
-
SHA512
08c7140b707f78d1203f5cf21bf55dab32a63f71cf8c530af4afcfaf5a42f9431a09794708d57102d065955b1e296dab979855579e445bfdfbf649f75ce3ce22
-
SSDEEP
24576:JtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxytj:3qTytRFk6ek1Lo
Score 7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-