General
Target: qyd priv.rar
Size: 52.9MB
Sample: 240911-ws75xsvhkf
MD5: 5e42ae42fd9f077310b3499d2a2958c7
SHA1: b100d4824f45696294f74cd0f344cb1937b63316
SHA256: 8a5658fe5aae0d3c0d9c882a2c212ec855f6059a438ca9382430f06ab7ea08fd
SHA512: 8c4032d4b5d2b02aaf9f732eb09f9b8301ed47627f1f994d83e34a1cc7de26ddafa00d6b65594e56fbd205f76d5bbd6de33963783c5636ac28f907f7518756db
SSDEEP: 1572864:xKdZhPvICyqLtk2Id8abVfhUdo8gcwuM72q+whGZnV:xKBnYolIdPbVpuo8gB2q9hGJV
Static task
static1

Behavioral tasks
behavioral1: qyd priv.rar (resource: win10-20240404-en)
behavioral2: qyd priv.rar (resource: win10v2004-20240802-en)
behavioral3: qyd priv pred/READ ME.txt (resource: win10-20240404-en)
behavioral4: qyd priv pred/READ ME.txt (resource: win10v2004-20240802-en)
behavioral5: qyd priv pred/qpred-setup.exe (resource: win10-20240404-en)
behavioral6: qyd priv pred/qpred-setup.exe (resource: win10v2004-20240802-en)
behavioral7: loader-o.pyc (resource: win10-20240404-en)
behavioral8: loader-o.pyc (resource: win10v2004-20240802-en)
Malware Config
Targets
Target: qyd priv.rar
Size: 52.9MB
MD5: 5e42ae42fd9f077310b3499d2a2958c7
SHA1: b100d4824f45696294f74cd0f344cb1937b63316
SHA256: 8a5658fe5aae0d3c0d9c882a2c212ec855f6059a438ca9382430f06ab7ea08fd
SHA512: 8c4032d4b5d2b02aaf9f732eb09f9b8301ed47627f1f994d83e34a1cc7de26ddafa00d6b65594e56fbd205f76d5bbd6de33963783c5636ac28f907f7518756db
SSDEEP: 1572864:xKdZhPvICyqLtk2Id8abVfhUdo8gcwuM72q+whGZnV:xKBnYolIdPbVpuo8gB2q9hGJV
Score: 3/10

Target: qyd priv pred/READ ME.txt
Size: 1KB
MD5: f8c33fbdf52fac5f85dd135e4ed4757c
SHA1: 0872e2c4b094c6df92fe256b08fca945b6b831ee
SHA256: 799c1cc306480bc26cc1d68ae4f4173ce0f2768f11bcb491e112a413680e4fff
SHA512: 4ca883de262660ddd8e65d61f858cc40466cc70451de9ec2537e39bc400724f6584edced44c21045f23e6eee5415708050eee78b426dba6e0d3b288902c909b7
Score: 1/10

Target: qyd priv pred/qpred-setup.exe
Size: 83.3MB
MD5: 53e4003e2f973d76d725327f9a00374c
SHA1: 396988c2a64b24f82c16b075430acfef8fb2e45b
SHA256: b17cb39f3d9da2e11a0f098e075fbd104327cbcf2143ccee63fb1510810a9d09
SHA512: 0e45f43153c4ea80a50fffd1a29ff953d589f30f0f0866a05a3e7f594bc95e8f8b579d24f48c397d3e871df280abb1eacccd65b39447cbf9d0d33d14e42f7bda
SSDEEP: 1572864:IKB7vFQqMrlpA+Ql4OdHxTivfSioqiASrrIo:IKBJykl9Hxen1obr0

Signatures
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Loads dropped DLL.
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets; possible credential harvesting.
- Legitimate hosting services abused for malware hosting/C2.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.

Target: loader-o.pyc
Size: 61KB
MD5: 4da1c2751b1ab14235592b98665387e3
SHA1: e80b3e2288b4a56bb16613297c0145375769d023
SHA256: 1c492f435f72342a73511d72a4ec41cb314789d46cb0a4a9e4adc7ddb5883c97
SHA512: a0fccc1d2f66c90234156c6c6945301ff7e96a863a83a42d64eacf5b3338d8e4f8f8996728024c84018ef001ec7b17f5b4106cf8fde096fcad80be03d2c300e0
SSDEEP: 768:lU5RsdBJeuqUIx4Lc11n/ijkGIVY48maOFJfuuc9oLmgj3nHvVZ0FC:lU5RCJeupLc1JKiG4/a2J2uc9ojjXvf
Score: 3/10