Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: file.exe
Size: 327KB
Sample: 241003-lxrzdszejg
MD5: 1c5c4583fac0f0a8d4d5cce4f09fea4b
SHA1: 93cbd37b219bca4782868d1cff6b009f7d83a81f
SHA256: 2d63ff4e2c1bde1601315d12ea75a52c90b7e203f8a8e6140ab1da2e0d8a9554
SHA512: 98ecba4533f4cf3ab99338783e4899a01b15358113982139f676ee64841ae08a3729660c2f8feaa6789af0926955d1ff3ed694c791effd3370f936ca95d19b11
SSDEEP: 6144:PrJ+KUXaXzLZYZEcpbz03Tiaz/5b+hyDt0DfIgL3yUG80dS4Dk+xkAQpA6hh/xJ:PV+KMaXfZYZEcpbID9RL2ss3yN8Z4Qnd
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240729-en
Malware Config
Extracted
stealc
default
http://46.8.231.109
url_path: /c4754d4f680ead72.php
Targets
Target: file.exe
Size: 327KB
MD5: 1c5c4583fac0f0a8d4d5cce4f09fea4b
SHA1: 93cbd37b219bca4782868d1cff6b009f7d83a81f
SHA256: 2d63ff4e2c1bde1601315d12ea75a52c90b7e203f8a8e6140ab1da2e0d8a9554
SHA512: 98ecba4533f4cf3ab99338783e4899a01b15358113982139f676ee64841ae08a3729660c2f8feaa6789af0926955d1ff3ed694c791effd3370f936ca95d19b11
SSDEEP: 6144:PrJ+KUXaXzLZYZEcpbz03Tiaz/5b+hyDt0DfIgL3yUG80dS4Dk+xkAQpA6hh/xJ:PV+KMaXfZYZEcpbID9RL2ss3yN8Z4Qnd
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext