General

  • Target

    URGENTPAYMENTREQUEST.js

  • Size

    455KB

  • Sample

    241004-lg64dawglr

  • MD5

    ec7b21746a03ffd34199f1943b74fe5e

  • SHA1

    c575de9f5fe3af6b479d6b0eff608ba2cbad2c9a

  • SHA256

    b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7

  • SHA512

    581e999de6f8a2fe6083ac2b3688422b7241779d606d0cd48547e2f967ce5e79be0b37bd52a839c68d1c9689e6fe290745c292f808f7b39a3ee462687195466b

  • SSDEEP

    12288:wpJc5fLTwmpBt3bSZoWeA/3nk4I4eTrSfD:wO73lW5

Malware Config

Targets

    • Target

      URGENTPAYMENTREQUEST.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks
