Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cf1e0e2019d7b2a1535c3ac8e6de29fcea80e690116d0f6f2ac50205277086fe
-
Size
272KB
-
Sample
240930-dblaqaycpg
-
MD5
fcddcc6103abdc8512e6aef6a41944a0
-
SHA1
102acf317f50f0d45dc93f804e20ec8c7ab3a151
-
SHA256
cf1e0e2019d7b2a1535c3ac8e6de29fcea80e690116d0f6f2ac50205277086fe
-
SHA512
709786c78d44ea9e71d93beb8c09ca3d6225eac03434d5642bb42864f1d366056429806b6aae5f65e4766710cfaed5dafdfa8ee9fe2ed487738db44d7fc55e1c
-
SSDEEP
6144:ijOZOz0jOZ+ghfu3WujOZsfRYDjbvKT8N5XaMLPOgRv+qR:ijOZOz0jOZ+g1umujOZsCq8NNPl9+q
Malware Config
Targets
-
-
Target
cf1e0e2019d7b2a1535c3ac8e6de29fcea80e690116d0f6f2ac50205277086fe
-
Size
272KB
-
MD5
fcddcc6103abdc8512e6aef6a41944a0
-
SHA1
102acf317f50f0d45dc93f804e20ec8c7ab3a151
-
SHA256
cf1e0e2019d7b2a1535c3ac8e6de29fcea80e690116d0f6f2ac50205277086fe
-
SHA512
709786c78d44ea9e71d93beb8c09ca3d6225eac03434d5642bb42864f1d366056429806b6aae5f65e4766710cfaed5dafdfa8ee9fe2ed487738db44d7fc55e1c
-
SSDEEP
6144:ijOZOz0jOZ+ghfu3WujOZsfRYDjbvKT8N5XaMLPOgRv+qR:ijOZOz0jOZ+g1umujOZsCq8NNPl9+q
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Suspicious use of SetThreadContext
-