Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

AsProgramm...ed.exe

windows7-x64

9

AsProgramm...ed.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AsProgrammeroutprotected.exe

  • Size

    34.7MB

  • Sample

    240904-rmda5stalf

  • MD5

    969e5d2784440716dc2561999ad03e4a

  • SHA1

    0f62361615c6504e14e1e12a138c3f7f9fb5ec35

  • SHA256

    522f8ba52ee45fdab6f7cfce51c27c4ef0351438a4d20fa18a302efd4c9aa2db

  • SHA512

    d39449678016713b922beda3a7d766065b3afdcc3b4f6d07600ce19f404da70dff9cf9f8444cdeab2c58db3bbe2110ce80cca18bdf0362bdb6f4597bbd40d7d2

  • SSDEEP

    786432:Vu+a9UsWGhsFu7REPVxHl8DZ4ZYVyqJ5u/US:wRfl+PbFsdVyq+cS

Score
9/10
credential_accessdiscoveryevasionpyinstallerspywarestealerthemidatrojan

Malware Config

Targets

    • Target

      AsProgrammeroutprotected.exe

    • Size

      34.7MB

    • MD5

      969e5d2784440716dc2561999ad03e4a

    • SHA1

      0f62361615c6504e14e1e12a138c3f7f9fb5ec35

    • SHA256

      522f8ba52ee45fdab6f7cfce51c27c4ef0351438a4d20fa18a302efd4c9aa2db

    • SHA512

      d39449678016713b922beda3a7d766065b3afdcc3b4f6d07600ce19f404da70dff9cf9f8444cdeab2c58db3bbe2110ce80cca18bdf0362bdb6f4597bbd40d7d2

    • SSDEEP

      786432:Vu+a9UsWGhsFu7REPVxHl8DZ4ZYVyqJ5u/US:wRfl+PbFsdVyq+cS

    Score
    9/10
    evasionpyinstallerthemidatrojancredential_accessdiscoveryspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks