Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
source_prepared.exe
-
Size
77.6MB
-
Sample
240921-prnlkasfpm
-
MD5
be0c805e16ec6c1dcb60c2e80287dfa0
-
SHA1
156b218b5c0ee9c0581a8a528ba3407f775191fb
-
SHA256
e5c886d22e144bd4c7001e8e8cebe4aba9b64433bbccab042950c1683e287a58
-
SHA512
d3784632154498a8589c1fcf9149719b5473cf5babd2a8a9fed3e359c5ede1403563770ae7a32291f9dc046d19c93606eb7ead3ba86f60de6f164db34857fd63
-
SSDEEP
1572864:RvHcRlnWImSk8IpG7V+VPhqFxE7ulHQBBPiYweyJulZUdgD7y3ayyOlqH1O3:RvHcRVzmSkB05awFjdQnApu/7y393cO3
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
77.6MB
-
MD5
be0c805e16ec6c1dcb60c2e80287dfa0
-
SHA1
156b218b5c0ee9c0581a8a528ba3407f775191fb
-
SHA256
e5c886d22e144bd4c7001e8e8cebe4aba9b64433bbccab042950c1683e287a58
-
SHA512
d3784632154498a8589c1fcf9149719b5473cf5babd2a8a9fed3e359c5ede1403563770ae7a32291f9dc046d19c93606eb7ead3ba86f60de6f164db34857fd63
-
SSDEEP
1572864:RvHcRlnWImSk8IpG7V+VPhqFxE7ulHQBBPiYweyJulZUdgD7y3ayyOlqH1O3:RvHcRVzmSkB05awFjdQnApu/7y393cO3
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
15KB
-
MD5
e150466b71e3736a1a4ba5833a2424be
-
SHA1
ebb501650d520131e4d234a431785dfa191c630e
-
SHA256
b1b849ab5de18c5cc018f941bc7362eec8d5019ec73fed3ef56a0fb7ae832fe6
-
SHA512
b656fe2446b9fa5d93a0845412f6714d6af03be7cd0417c56594b1f33cb18e8f0ef57878c45c54176b3577ac9ae840620fff73ef5c4aefcb5615b714815c335a
-
SSDEEP
384:YGC7RYmnXavkLPJrltcshntQ5saa2holHVA:YGCuvkL9ltcsttQ5saaCgHVA
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
9KB
-
MD5
06edc64263be4dbe97e99f510d1cf859
-
SHA1
f9f4e8fc35ddf244cb215146f5097916bfeaa96e
-
SHA256
d7444836c6013f4995383b0a76818dbc9cbc5b61965b5940dc4784a1dd333b9b
-
SHA512
ab2a84b0027413584fb3bc310f18c11c6cabb953a094120295432fbbd8c34b72f2b41176d50a43f8b0dd0c65d2e6b7bb47e755db22fb7f405cd9fb2b42b747cc
-
SSDEEP
192:kNaBBeiNR9QfUF2x3NC79F21aG67+DAhN:kPiT2XtFcjKDAhN
Score3/10 -
-
-
Target
misc.pyc
-
Size
4KB
-
MD5
d58911ee31690aea12a3fe4bda5ca9ca
-
SHA1
a350efff87c56de2dc8edbddc557856d7ea159ea
-
SHA256
88bd58dcda76c1a090eb08b36d42ee7b807d49d32569d69ebea219c0be7075ca
-
SHA512
6bd5394c098948c488229fb93c69b979fe049d8e7697d9ae8056fd2054cbe97bc00633802d76c14c80e525f1266e87aecb01cbe1e666f6eb5e3dbb1277b20ff1
-
SSDEEP
96:ySMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:Lolvyz8evq+VBXZGQlvmV1k5hub
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
7KB
-
MD5
c38f9b93904c57adc285f1ecc151e8a7
-
SHA1
d50dde8e63de1c26397a8376535797849a24ec03
-
SHA256
60fb1d1502b4c1c1b810fce313414d7b107ae6de7d8e303fd22b1b582b5c134d
-
SHA512
627bab4cfb6696272ee1ca2c216bdd9b1ea322e83f32929ba497fb94cfd948cad1214340de9bfb464dc1bfd3140213fd02ee9b6173e4bf7abab69b5a9dc47eca
-
SSDEEP
192:h114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:V4qWLlMFyVMHAE/4
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
172KB
-
MD5
f7fff08b649272a9658ceb91d25b2a7d
-
SHA1
e51bfea4aa7533e828ff7d0a85c78390e84e17b4
-
SHA256
7f198aa6070dbf5c03ca1969757ed40476a1c91d181985d2447ada3054bc28da
-
SHA512
9948169a23d105a22aa64591de8c5e274315793d42045cf27dfb2cdcdfd786357500e6e8bcc860c70cd3c0c87d4497c8309254a017fadfa6a2e1f1ae9a8dd1e3
-
SSDEEP
3072:CrRH2C0aOO/2A1w17roxPZTerUScdQQV+yXIvdXzbqsTxs:CrMC0aOO/2AiroSj8Syzse
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1