General
Target: ✵s͜͡et-Uṕ_7471_!!P͜aS̈ṩC0Dẽ✵✔.rar
Size: 23.0MB
Sample: 240925-kbeaqsxhrf
MD5: 8ecdfe0414eb289bb0b24a96d5b694c5
SHA1: d43255e7d57c81c70782086072ca06c65cfd5806
SHA256: 1b49165c99f49c625597584502f87e44f2b81a1ca544eb67241b9f4041e8eb6f
SHA512: aa98ff717072e0ffa1c04e483bed921a374dfa4cb74dc837f43c151c366f119d2d7939a841c91dd2cc3f9ddc5db9a396e6fded18574602d18be39a5a037c38d6
SSDEEP: 393216:PRX8FjI/0+thS8bkV8No8Nxz1HFqD74v8qjBhjrQgqjFLUdei0H0Rl00+xKZTL:pqGZhS8bkVYo8NfI74vfhwgqjdKei0EV
Static task: static1
Behavioral task: behavioral1
  Sample: !Saẗup☑/Setup.exe
  Resource: win7-20240903-en

Malware Config
Extracted: lumma
  https://annthostiledm.shop/api
Targets
Target: !Saẗup☑/Setup.exe
Size: 8.7MB
MD5: 480f8cf600f5509595b8418c6534caf2
SHA1: dc13258ebb83bdf956523d751f67e29d6e4cf77e
SHA256: 6d8905ec0b1dfdc0a10d1cce40714ddd73205a09ad390b933ddbecdcf06a4cf2
SHA512: f0bd99f68d59e80538fb276945d0f383394cb94a35c6d12ebd3e87061222249f78b9ca75716b33e36b66842b97c71149612111fcb6a8a3bc3a97635b03934aaf
SSDEEP: 196608:Ywdj1UbkCchr3rlFE8GCWhKUzGZ3gRTFHnBz58//o:Yw91Ubkxhr3rlFHWhKUzGZ3gRTFhzi/o

Signatures
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)