
General

  • Target

    Duck+Beta.rar

  • Size

    27.0MB

  • Sample

    240819-t32psavcma

  • MD5

    31c649b674e7bb4a82b0557f46a95522

  • SHA1

    94d7f4d4b7b41519ef03b0b99fb850a53aff1620

  • SHA256

    8d6227e9a84351e5b913914d1b153b0f6db20b474edf866d31c222fc5b97701e

  • SHA512

    575cd12e2e0e5b6623c1cc14fe651de5a7ff7e3360c62b04f1e4cbb4fee5542b34afc02fd28650adc3e6320fc4bbd578cdde824776a2e3455e22593eb52450dd

  • SSDEEP

    786432:6ZwTM4UWZEa01v2jWFXlazCd2TK8OHiSHd9oT:68UWZETnYzW2bI9k
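A practitioner who receives a copy of this archive usually wants to confirm it is the same object the report analysed before relying on the verdicts. The script below is an added example, not code from tria.ge; it carries the SHA256 values this report lists for the archive and for each extracted member (the nested paths are the archive member names as shown under Targets), streams every file under a directory through the four digests the report uses, and classifies each file as matching, differing from, or absent from the report. The `demo()` function builds a throwaway tree from constructed bytes (not the real sample) so the logic can be exercised offline; `hashlib`, `pathlib` and `tempfile` are standard library.

```python
"""Check a local copy of the 'Duck Beta' archive contents against the hashes in this report.

Added example, not part of the tria.ge report. REPORT_SHA256 is copied from the report;
everything else (paths on disk, the demo bytes) is constructed for illustration.
"""
import hashlib
import tempfile
from pathlib import Path

# SHA256 per archive member, exactly as listed in the report.
REPORT_SHA256 = {
    "Duck+Beta.rar": "8d6227e9a84351e5b913914d1b153b0f6db20b474edf866d31c222fc5b97701e",
    "Duck Beta/Beta/Main/CeleryIn.bin": "67c8386dc05355c49b8137990218be6177dba810fae418f0cce964c1d0082702",
    "Duck Beta/Beta/Main/Duck.exe": "3438023fab795f92a1a4399d868ed35d694cc0fc874db1acea2ce4f2805138b5",
    "Duck Beta/Beta/Main/DuckAPI.dll": "39402538c01221cda3b18e85b1a7141fee440497c71bd8c7f4ee3eeda2d0f2f2",
    "Duck Beta/Beta/Main/Executor's Infos.txt": "699935b275dc6f3dc6f1b6441640b49ec1fdf8ad11a3a08a802a5a19f60b182f",
    "Duck Beta/Beta/Main/Injector.exe": "cad68d89410eb050dd2c47abfb60e73acad2ebf0f2e357aa185e9c7e8ec7c3cc",
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")  # the four the report lists


def digests(data: bytes) -> dict:
    """All four digests of an in-memory buffer, hex-encoded."""
    return {n: hashlib.new(n, data).hexdigest() for n in DIGESTS}


def hash_file(path, chunk=1 << 20) -> dict:
    """Stream a file once through all four digests (Injector.exe is 56.9MB, so never read it whole)."""
    hs = {n: hashlib.new(n) for n in DIGESTS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hs.items()}


def classify(rel_path: str, sha256_hex: str, expected=REPORT_SHA256) -> str:
    """'match' if path and hash agree with the report, 'mismatch' if the path is listed but the bytes differ,
    'unknown' if the report does not mention the path at all."""
    if rel_path not in expected:
        return "unknown"
    return "match" if sha256_hex.lower() == expected[rel_path] else "mismatch"


def check_tree(root, expected=REPORT_SHA256):
    """Hash every regular file under root. Returns ({relative_path: verdict}, [listed paths not present])."""
    root = Path(root)
    results = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            results[rel] = classify(rel, hash_file(p)["sha256"], expected)
    missing = sorted(set(expected) - set(results))
    return results, missing


def demo():
    """Constructed tree: a placeholder at one listed path plus a file the report never mentions."""
    with tempfile.TemporaryDirectory() as tmp:
        main = Path(tmp) / "Duck Beta" / "Beta" / "Main"
        main.mkdir(parents=True)
        (main / "Duck.exe").write_bytes(b"MZ constructed placeholder, not the real sample\n")
        (main / "README.txt").write_bytes(b"constructed file, not in the report\n")
        return check_tree(tmp)


if __name__ == "__main__":
    verdicts, missing = demo()
    for rel, verdict in verdicts.items():
        print(f"{verdict:9} {rel}")
    print("not present:", ", ".join(missing))
```

Run it against the directory into which the archive was extracted (with the .rar itself placed alongside) to get a per-file verdict; anything reported as `mismatch` or `unknown` means the files on hand are not the ones this page describes.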

Malware Config

Targets

    • Target

      Duck+Beta.rar

    • Size

      27.0MB

    • MD5

      31c649b674e7bb4a82b0557f46a95522

    • SHA1

      94d7f4d4b7b41519ef03b0b99fb850a53aff1620

    • SHA256

      8d6227e9a84351e5b913914d1b153b0f6db20b474edf866d31c222fc5b97701e

    • SHA512

      575cd12e2e0e5b6623c1cc14fe651de5a7ff7e3360c62b04f1e4cbb4fee5542b34afc02fd28650adc3e6320fc4bbd578cdde824776a2e3455e22593eb52450dd

    • SSDEEP

      786432:6ZwTM4UWZEa01v2jWFXlazCd2TK8OHiSHd9oT:68UWZETnYzW2bI9k

    • Score

      3/10

    • Target

      Duck Beta/Beta/Main/CeleryIn.bin

    • Size

      44KB

    • MD5

      cc7e9dd40db5c538627c7645eb14d036

    • SHA1

      4ccac29689ddd6b63892df0bbbf98aa1250419bf

    • SHA256

      67c8386dc05355c49b8137990218be6177dba810fae418f0cce964c1d0082702

    • SHA512

      3a91394dfa95ce012925639f12d05cbdd3c8f0b955601043952e3b6aa89cde816107a857d772bb5528422f41f2206b5a415de8fdfed2a178f2b13904a15dc5cf

    • SSDEEP

      384:jVdzew6q0MEe7Tc8cZO1D9WDPAy7cRxoTYVJa5voVMmA2QdwB5bh1r:RYiXFcZkRcXbTYVJa8NA2jj

    • Score

      1/10

    • Target

      Duck Beta/Beta/Main/Duck.exe

    • Size

      10KB

    • MD5

      3842a1e2dcf6f0b82fa9f5f3fdabb28d

    • SHA1

      049c898aaf7f8c04a6856f02ae9bf6013a11d903

    • SHA256

      3438023fab795f92a1a4399d868ed35d694cc0fc874db1acea2ce4f2805138b5

    • SHA512

      47866d6cb6946979880c466bbf7cb6f534daa81eff185dbda900912b75ae8aeafe03037a9e2ba6e462f7b775948163de3cc39a152fb6b4d09507c64682d75222

    • SSDEEP

      192:rN/0Kvu9GaGEGE0Xhz+G2ZlrHS4kqkr5/c:J/0KvurGEGECFv2ZlrHS4u5/

    • Score

      3/10

    • Target

      Duck Beta/Beta/Main/DuckAPI.dll

    • Size

      31KB

    • MD5

      05f001f6b4abaa5d079615a5645b4853

    • SHA1

      d0c44feb2b8fdac2b5d860e97a6699a6aa64401f

    • SHA256

      39402538c01221cda3b18e85b1a7141fee440497c71bd8c7f4ee3eeda2d0f2f2

    • SHA512

      2ecb94ab2c516a273ad974c398a27e8fc9af84758744883172b9d3803bad50ca9987237d8dc0310d85dd268c571f04968682cb4e6794b086103219b5b61c89fb

    • SSDEEP

      384:NDKLgAuv9EcRO+98BIFmk7qMYNjejfsd/Dpgf0U255z1K1KKWnhx/wxzt6X0JBaM:uO9/Fmk7q0fs97ngkHIUbBViVYLi

    • Score

      1/10

    • Target

      Duck Beta/Beta/Main/Executor's Infos.txt

    • Size

      113B

    • MD5

      e049540fbd46d7074cd77d84359169a8

    • SHA1

      724278aa331d8c73d54f820a469829264ea87bb7

    • SHA256

      699935b275dc6f3dc6f1b6441640b49ec1fdf8ad11a3a08a802a5a19f60b182f

    • SHA512

      c6750208ff9aa61e2226ef369a64d453144ef5e9eabdc7feb262e48a84b90c8a39ecb948b86f2d4fd09f506be05f54329b14e6ea9ae61f3c5b37fad3dc67ff5f

    • Score

      1/10

    • Target

      Duck Beta/Beta/Main/Injector.exe

    • Size

      56.9MB

    • MD5

      9aeab58990277d23f089264a06d36957

    • SHA1

      d35caf48a886d89600f16d5ae83108ee42cb1ef9

    • SHA256

      cad68d89410eb050dd2c47abfb60e73acad2ebf0f2e357aa185e9c7e8ec7c3cc

    • SHA512

      2b4a2e95f29b948f66c7472cad3dddc015cb5016a106c3a392ebb82966d7c6943d005ed163a94a5428acfb422a6290d08510194e77da2da2723213c3775262be

    • SSDEEP

      786432:WMguj8Q4VfvSqFTrY37OZtPvmPv1JPnl3wT3q0+Gra4X7XVQc5KKI:WiAQIHSkH2wafCqXw9e

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Enumerates processes with tasklist
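The signatures listed above for Injector.exe are behavioural: each one fires on a particular process, registry, file or network event the sandbox observed. The block below is an added example, not tria.ge's rule set, that re-derives those verdicts from host telemetry so a detection engineer can see what each name corresponds to. The event schema, the registry key assumed behind "Checks computer location settings" (`HKCU\Control Panel\International\Geo\Nation`), the IP-lookup and hosting-service host lists, the browser store paths and the caret-count heuristic for obfuscated cmd.exe lines are all assumptions chosen for illustration; the page names only the description for the obfuscated-cmd signature, so its label here is mine. The clipboard signature is omitted because it needs API-call telemetry this schema does not carry. `SAMPLE_EVENTS` is constructed telemetry, not captured data.

```python
"""Re-derive the behavioural signatures this report lists for Injector.exe from host telemetry.

Added example; not tria.ge's own rules. Host lists, paths, the registry key and the
obfuscation heuristic are assumptions picked to illustrate each signature.
"""
import re

# Assumed indicators (illustrative, not tria.ge's lists).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ipinfo.io", "checkip.amazonaws.com"}
HOSTING_ABUSE_HOSTS = {"discord.com", "cdn.discordapp.com", "pastebin.com", "raw.githubusercontent.com"}
GEO_KEY = r"hkcu\control panel\international\geo\nation"   # assumed source of the country code
BROWSER_STORES = (
    r"\google\chrome\user data\default\login data",
    r"\microsoft\edge\user data\default\login data",
    r"\mozilla\firefox\profiles",
)
STARTUP_DIR = r"\microsoft\windows\start menu\programs\startup"


def _obfuscated_cmd(cmdline: str) -> bool:
    """Heuristic: a cmd line with many caret escapes or %var:~n,m% substring expansion."""
    low = cmdline.lower()
    if "cmd" not in low:
        return False
    return low.count("^") >= 4 or re.search(r"%[^%]+:~\d+,\d+%", low) is not None


# Each predicate receives one event dict; e.get() keeps them safe across event types.
SIGNATURES = {
    "Enumerates processes with tasklist":
        lambda e: e.get("type") == "process" and e.get("image", "").lower().endswith(r"\tasklist.exe"),
    "Checks computer location settings":
        lambda e: e.get("type") == "registry" and e.get("op") == "read" and e.get("key", "").lower() == GEO_KEY,
    "Looks up external IP address via web service":
        lambda e: e.get("type") == "network" and e.get("host", "").lower() in IP_LOOKUP_HOSTS,
    "Legitimate hosting services abused for malware hosting/C2":
        lambda e: e.get("type") == "network" and e.get("host", "").lower() in HOSTING_ABUSE_HOSTS,
    "Reads user/profile data of web browsers":
        lambda e: e.get("type") == "file" and e.get("op") == "read"
        and any(s in e.get("path", "").lower() for s in BROWSER_STORES),
    "Drops startup file":
        lambda e: e.get("type") == "file" and e.get("op") == "write" and STARTUP_DIR in e.get("path", "").lower(),
    "Obfuscated cmd.exe command-line":   # label assumed; the report shows only the description
        lambda e: e.get("type") == "process" and _obfuscated_cmd(e.get("cmdline", "")),
}


def match_events(events):
    """Return {signature name: [indices of events that triggered it]} for signatures that fired."""
    hits = {}
    for i, e in enumerate(events):
        for name, pred in SIGNATURES.items():
            if pred(e):
                hits.setdefault(name, []).append(i)
    return hits


# Constructed telemetry resembling what a sandbox would record for this sample (not real captured data).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /FO CSV"},
    {"type": "registry", "op": "read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "host": "api.ipify.org", "port": 443},
    {"type": "file", "op": "read", "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "op": "write",
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"type": "network", "host": "discord.com", "port": 443},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe", "cmdline": 'cmd /c "s^e^t x=whoami&&c^a^l^l %x%"'},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},  # benign control
]


if __name__ == "__main__":
    for name, idx in match_events(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

Each predicate is deliberately narrow and matches one event on its own; in a real pipeline the score is then built from how many of these fire for one process tree, which is what lets a single `tasklist` run (3/10-style noise) be told apart from the credential-theft, persistence and exfiltration cluster seen here for Injector.exe.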

MITRE ATT&CK Enterprise v15

Tasks