General
Target: qpred-setup.exe
Size: 83.3MB
Sample: 240911-xwqwgsyblh
MD5: 53e4003e2f973d76d725327f9a00374c
SHA1: 396988c2a64b24f82c16b075430acfef8fb2e45b
SHA256: b17cb39f3d9da2e11a0f098e075fbd104327cbcf2143ccee63fb1510810a9d09
SHA512: 0e45f43153c4ea80a50fffd1a29ff953d589f30f0f0866a05a3e7f594bc95e8f8b579d24f48c397d3e871df280abb1eacccd65b39447cbf9d0d33d14e42f7bda
SSDEEP: 1572864:IKB7vFQqMrlpA+Ql4OdHxTivfSioqiASrrIo:IKBJykl9Hxen1obr0
Static task
static1
Behavioral tasks
behavioral1: qpred-setup.exe on win7-20240903-en
behavioral2: qpred-setup.exe on win10v2004-20240802-en
behavioral3: loader-o.pyc on win7-20240903-en
behavioral4: loader-o.pyc on win10v2004-20240802-en
Malware Config
Targets
Target: qpred-setup.exe
Size: 83.3MB
MD5: 53e4003e2f973d76d725327f9a00374c
SHA1: 396988c2a64b24f82c16b075430acfef8fb2e45b
SHA256: b17cb39f3d9da2e11a0f098e075fbd104327cbcf2143ccee63fb1510810a9d09
SHA512: 0e45f43153c4ea80a50fffd1a29ff953d589f30f0f0866a05a3e7f594bc95e8f8b579d24f48c397d3e871df280abb1eacccd65b39447cbf9d0d33d14e42f7bda
SSDEEP: 1572864:IKB7vFQqMrlpA+Ql4OdHxTivfSioqiASrrIo:IKBJykl9Hxen1obr0
Score: 8/10
Signatures:
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
Target: loader-o.pyc
Size: 61KB
MD5: 4da1c2751b1ab14235592b98665387e3
SHA1: e80b3e2288b4a56bb16613297c0145375769d023
SHA256: 1c492f435f72342a73511d72a4ec41cb314789d46cb0a4a9e4adc7ddb5883c97
SHA512: a0fccc1d2f66c90234156c6c6945301ff7e96a863a83a42d64eacf5b3338d8e4f8f8996728024c84018ef001ec7b17f5b4106cf8fde096fcad80be03d2c300e0
SSDEEP: 768:lU5RsdBJeuqUIx4Lc11n/ijkGIVY48maOFJfuuc9oLmgj3nHvVZ0FC:lU5RCJeupLc1JKiG4/a2J2uc9ojjXvf
Score: 6/10
Signatures:
- Legitimate hosting services abused for malware hosting/C2