Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d.exe
-
Size
499KB
-
Sample
240814-bmewzayclk
-
MD5
29e3de6b17d0fdfb360834f038b59a39
-
SHA1
1e3fdca7e4dec1ebb618f69675928363657ba064
-
SHA256
8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d
-
SHA512
ebf889085bb105182739d7a748d8b12b26de3e47f11535260adac23beee3d5b43aa572b6043ace7ac068cee36529c3cf448986f3218aec742ab6fce4db47440a
-
SSDEEP
6144:AYa6iWDISW500H8LI/xMccQ/4Fizd/zyH1sGzZYhP2C1PWPYmZBP7PRcJnPGiE+t:AYM0aHqJQwFizxzSiGu2suKPGWUUrTb
Static task
static1
Behavioral task
behavioral1
Sample
8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.synergyinnovationsgroup.com - Port:
587 - Username:
[email protected] - Password:
C@p-Y8BoHc#?
Targets
-
-
Target
8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d.exe
-
Size
499KB
-
MD5
29e3de6b17d0fdfb360834f038b59a39
-
SHA1
1e3fdca7e4dec1ebb618f69675928363657ba064
-
SHA256
8cf6a3d7e5694a0453d85e67a038bb5804b6eb8969287f1d021bdb7b95234e9d
-
SHA512
ebf889085bb105182739d7a748d8b12b26de3e47f11535260adac23beee3d5b43aa572b6043ace7ac068cee36529c3cf448986f3218aec742ab6fce4db47440a
-
SSDEEP
6144:AYa6iWDISW500H8LI/xMccQ/4Fizd/zyH1sGzZYhP2C1PWPYmZBP7PRcJnPGiE+t:AYM0aHqJQwFizxzSiGu2suKPGWUUrTb
Score10/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
68b287f4067ba013e34a1339afdb1ea8
-
SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3
-
SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
-
SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
SSDEEP
48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -