
General

  • Target: Launcher_x64.rar
  • Size: 5.8MB
  • Sample: 240823-q8lc7sxgkh
  • MD5: 8a686b1ed3cc74823273c86cce5568c2
  • SHA1: 4fce5224bb02d8641bb0a720229a6fa117d33b1f
  • SHA256: d667e812c0b3aa0f0bfa17f9326334fdae13e3d0b14af11abf64e1a0d96957d2
  • SHA512: 07965903238f20235096c2bd31074b316f698775e553e57f891de9a0c18964abbb5bf9d443336020b5e4c279109b4e925eae7e2deb6d598bfcb967acfaf18028
  • SSDEEP: 98304:ZiDtWcd4jANItNYkFJp6WMbGw1pS9EE6dgcGWDZFmuIsjIbaJcC+DGbftvfhoj8:UtWcd2AqtNY2Jp6WeGw6mE6dgcGWnjjX

Malware Config

Targets

    • Target: Launcher_x64.rar
    • Size: 5.8MB
    • MD5: 8a686b1ed3cc74823273c86cce5568c2
    • SHA1: 4fce5224bb02d8641bb0a720229a6fa117d33b1f
    • SHA256: d667e812c0b3aa0f0bfa17f9326334fdae13e3d0b14af11abf64e1a0d96957d2
    • SHA512: 07965903238f20235096c2bd31074b316f698775e553e57f891de9a0c18964abbb5bf9d443336020b5e4c279109b4e925eae7e2deb6d598bfcb967acfaf18028
    • SSDEEP: 98304:ZiDtWcd4jANItNYkFJp6WMbGw1pS9EE6dgcGWDZFmuIsjIbaJcC+DGbftvfhoj8:UtWcd2AqtNY2Jp6WeGw6mE6dgcGWnjjX
    • Score: 3/10

    • Target: Cfg/libEGL.dll
    • Size: 77KB
    • MD5: f8cee9f4afb5ef9bab04af53c9e1fde3
    • SHA1: 1d88f8411fba66833581b661d75762e3c35a4827
    • SHA256: 675357d8f39b8c0e2f8ab76c156993e9885204249c0aab81245321e404063161
    • SHA512: 8e39d608600a190e71e8fa4f4e3fe345c3a1153414b8f2b7560af7a2796a3c2e83d1626d156bb5e69d8497b8f57858138b8c6db034786f6ad6daf7861b89ca9d
    • SSDEEP: 1536:VZuT1PW+HTp7VaCEjl/PdsunsW4cdaomaIME+gU:VZAzWCOjnabeE+h
    • Score: 1/10

    • Target: Cfg/libGLESv2.dll
    • Size: 3.0MB
    • MD5: d687313cb8d9d4573336668816c91a98
    • SHA1: 6ce0c8dda059cec5721b514d7968e09c9e455186
    • SHA256: 59ae240728c9b91266f852dc89fa48fe5c0fe8ce5ba297204dd24f80242a7818
    • SHA512: 96d825e319079b8459fcfa7dbdb32136541753021ffd19c2c9ad58f6b430d1866680448f514b410a1a30824f2c4a6c73b445526b4665d3f2177d3244ec4b0d18
    • SSDEEP: 49152:muC0691D6PRBIPPkeHcJw4nePJdWDcplwmwkcBHivqEYZ9vrrSc4dlfzen:Bn63InIPPkyBrvWDczw7mY2K
    • Score: 1/10

    • Target: READ ME.dll
    • Size: 77KB
    • MD5: f8cee9f4afb5ef9bab04af53c9e1fde3
    • SHA1: 1d88f8411fba66833581b661d75762e3c35a4827
    • SHA256: 675357d8f39b8c0e2f8ab76c156993e9885204249c0aab81245321e404063161
    • SHA512: 8e39d608600a190e71e8fa4f4e3fe345c3a1153414b8f2b7560af7a2796a3c2e83d1626d156bb5e69d8497b8f57858138b8c6db034786f6ad6daf7861b89ca9d
    • SSDEEP: 1536:VZuT1PW+HTp7VaCEjl/PdsunsW4cdaomaIME+gU:VZAzWCOjnabeE+h
    • Score: 1/10

    • Target: d3db.dll
    • Size: 342KB
    • MD5: e2ad678f25475947d552fbe5291d9391
    • SHA1: 285d70bcbb4f1375f89a4e59782bb8b417d7e190
    • SHA256: 2f66a29db72668ecf9bba22039de64851d30090ad6366121ef4edbb8e1508f36
    • SHA512: 7f24a05014fcf97007845c20d29a198fe2e9707a39c892054ffe0a7e2010503ae975423378be55e1601c8ca9c2e304eccef784bf1bbbb959cbc8c6030bf94f45
    • SSDEEP: 6144:X73KGHIt7YZ2lQm3QmaAxLBn9+h1bxbC9nc1h4BtIBXsTBV6XToEaQ19JAq:X73nHIt793/V/CRwW40uTT6JD3d
    • Score: 1/10

    • Target: injector.exe
    • Size: 4.9MB
    • MD5: fc502a9919380ad3e3abe216606ccf65
    • SHA1: be529f58e69bf7de944cec6cf766343e946535bb
    • SHA256: 75cc2c6147746741e1f3b89f1557d3b68fcce002adee182db4c0034a3e19e68c
    • SHA512: 998ee98d6c9373e5a1ae950c831b39ecfe99aada5dee7bbdd6f1f83bd64c792d4a75933c0080e3ab7a85c18b8aa0dec4d9e67b9e6e53979d690f516d06bc82a6
    • SSDEEP: 98304:eNrvVUzoSmtaMnsJw6vFZXHwF5oHK6y3EGTa7oH:eF9uoScaVa691OiHRuTaS

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandbox environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks