General
-
Target
X Executor.exe
-
Size
7.4MB
-
Sample
240818-q5k82ayhjp
-
MD5
6d90c40140099de5f0e9cd712908760e
-
SHA1
5570ae57076f2ab64833c6880d5f55b56fa47d29
-
SHA256
336fec7a946aad9d8f4039f3f329e94404529d8bffd7b2780a8ad747ab2f4e32
-
SHA512
1b217dddc644896f838c13a22357e3bd76c15a8a57847b2f09275252fe984df71cc74165c30838a2f08c66fe487bf9fcdf96b6d46154f6fda18574427972e82c
-
SSDEEP
98304:7tMcZurErvz81LpWjjUlLkvzgXO9hAlaYrzzuJZYJ1JIuIdKU73bcgVowzW:7DurErvI9pWjgyvoaYrE41JIuIkoxG
Behavioral task
behavioral1
Sample
X Executor.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
X Executor.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
D�Ó�y.pyc
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
D�Ó�y.pyc
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
X Executor.exe
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
D�Ó�y.pyc
-
Size
1KB
-
MD5
b783238cd3905f19ad2ca27993bd89bf
-
SHA1
bc7e0d396471fe8a2e8cd31d7396325fb1fdb831
-
SHA256
6b02c3fb269df5900dcb16f87ed1a0cd9bc3c2e108a20b24f353455e92506ebb
-
SHA512
c091b34f0df4ad9bc5d219d67f8725b1fabad3225f40dccc79e754317effde3e333e76c0e2d71d3bcce0d5306ec8fcf2918aaa48e63ed8bf1c41c360699198d0
-
Score
1/10
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts (2)
  Hidden Files and Directories (2)
Obfuscated Files or Information (1)
  Command Obfuscation (1)
Credential Access
Credentials from Password Stores (1)
  Credentials from Web Browsers (1)
Unsecured Credentials (3)
  Credentials In Files (3)