General
Target: PowderLauncher.exe
Size: 421KB
Sample: 241003-rx617szgjq
MD5: ea774962ca4d02a3fc3a853d18abefd9
SHA1: 1160ef2dbf1a83ac8151e02d558611d18e798638
SHA256: 8107bd54d0e16c675274e28d56e9672f5d0b03741b626e9cd836c8304ead7c36
SHA512: a2433f876f357d2a15957bac6cbb3f2e4d867e4d4d076bdd224677d67ac1d2597927788f34db6efd87605b2cfb8ac690d8ec16ece154412ffd7ce7b75e11cd7e
SSDEEP: 6144:bmGIhx4I13Y2t0EyL+upREyrZzalOSjlbshojjjM4739E0Ld57X2znBtHMGvGd:yt4IFIRKcTZzalXQSDMw9dAS
Static task
static1

Behavioral tasks
behavioral1: PowderLauncher.exe (resource: win11-20240802-en)
behavioral2: $PLUGINSDIR/StdUtils.dll (resource: win11-20240802-en)
behavioral3: Newtonsoft.Json.dll (resource: win11-20240802-en)
behavioral4: PostInstaller.exe (resource: win11-20240802-en)
behavioral5: PowderBootstrap.exe (resource: win11-20240802-en)
Malware Config

Targets

Target: PowderLauncher.exe
Size: 421KB
MD5: ea774962ca4d02a3fc3a853d18abefd9
SHA1: 1160ef2dbf1a83ac8151e02d558611d18e798638
SHA256: 8107bd54d0e16c675274e28d56e9672f5d0b03741b626e9cd836c8304ead7c36
SHA512: a2433f876f357d2a15957bac6cbb3f2e4d867e4d4d076bdd224677d67ac1d2597927788f34db6efd87605b2cfb8ac690d8ec16ece154412ffd7ce7b75e11cd7e
SSDEEP: 6144:bmGIhx4I13Y2t0EyL+upREyrZzalOSjlbshojjjM4739E0Ld57X2znBtHMGvGd:yt4IFIRKcTZzalXQSDMw9dAS
Score: 7/10
Signatures:
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
Target: $PLUGINSDIR/StdUtils.dll
Size: 100KB
MD5: c6a6e03f77c313b267498515488c5740
SHA1: 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256: b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512: 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
SSDEEP: 3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score: 3/10
Target: Newtonsoft.Json.dll
Size: 685KB
MD5: 081d9558bbb7adce142da153b2d5577a
SHA1: 7d0ad03fbda1c24f883116b940717e596073ae96
SHA256: b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
SHA512: 2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
SSDEEP: 12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score: 1/10
Target: PostInstaller.exe
Size: 23KB
MD5: 41ba083ed39e906bef870255419edd28
SHA1: 4ac8cbebdc4f0ada8018497c0acb35a22062a836
SHA256: 52243ff195b844ecab87fce461947c779fe2cb8fac21282a05d1f2abfd4ede86
SHA512: 2538a95882bb2b8ad8180a5fe569330d04079422067e4ad1d1fe985c36c5704821199c6625a56a5f032f31a22c8e4d9beaf72422aaa59e05fea9ecf6c33f465b
SSDEEP: 384:CLDaVl9ec3YEyOWNcccXNMtG5/uo6ki2KP9gizC3inAM+o/8E9VF0NylCgK:CL+f9e2YEKxUdgr2KRzCynAMxkE6
Score: 1/10
Target: PowderBootstrap.exe
Size: 26KB
MD5: 874284cb887ce96f1fe6bd903a17cfcb
SHA1: 615056be9f980fdc7167b74d8b1f5dbaf0c1f99d
SHA256: 40b4a8932314a19f7ba201ae4613428b4f4e1bcda43a177158d956fd5d2f58bb
SHA512: 53e9e2a38a3a4d4fcb2222279ec6379c61e792a6167094c70a94fe8be3dab34823b40d456cdacce5180f9598a47e0edd5d30760a878cc791f3e14e2c749770a1
SSDEEP: 384:r4NgykacoZE8KaScRxKV6yxFHV0bSNkvwKwq6u8iJp/uo6ki2KP9gizOGwAM+o/M:8NgbuEaShv1YjQr2KRz0AMxkE4
Score: 5/10
Signatures:
- Enumerates processes with tasklist