General
Target: 945a7cd9f48b9258a0d6a66f3e53e995.bin
Size: 162KB
Sample: 240820-bzgw4a1cqm
MD5: 20377d16e9eb203a29518a6885fcd063
SHA1: fb62c6b832fe82fd03a538af7f3da7863322ce42
SHA256: 4081885454a7f63784d5e6dfe56827bc1f6c994d2e146556ff77cc61d86c53c6
SHA512: 305106218e62f5201adbb7b8bd3f3ad0a9bfe461926f3f10f025013ab26d8d4643de36840c6cd085186f2a00edece4a7ddd92b8c1ddc806ebe4055d27d18cc1e
SSDEEP: 3072:NGLcVwbglYRD4Uh/Q/iOV5QEizO1RyU7kou57nKRZVRcF8:HVR84e/Q/ZKEiq1s4uIVCK
Static task: static1
Behavioral task: behavioral1
Sample: f6b9b4d109149a7788c23795978cb0a581e2c3c82c67b6df87e5939f148f9972.exe
Resource: win7-20240729-en

Malware Config
Extracted: stealc (default)
http://62.204.41.151
url_path: /edd20096ecef326d.php
Targets
Target: f6b9b4d109149a7788c23795978cb0a581e2c3c82c67b6df87e5939f148f9972.exe
Size: 296KB
MD5: 945a7cd9f48b9258a0d6a66f3e53e995
SHA1: 731e7a27e0eb01010c7c6e98d1cdbc572bbd59e4
SHA256: f6b9b4d109149a7788c23795978cb0a581e2c3c82c67b6df87e5939f148f9972
SHA512: 9e341dc9f54bb23ab32888c33153eae79d4e04f55a220bce517afdd237ed487d744d39137cb39ffdba0e1829a4772bccfb152cb76c8847956363ec7f080c8707
SSDEEP: 3072:O3xF1vhTaXLw1jIgGPSv9IjrGuV+P46YgWRgZO65AKk0hEl:olhTa7ajTGPRrGuEP46Y35mKl

- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copy of, a web browser credential store.
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.