Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RepulseExecuter.exe
-
Size
10.3MB
-
Sample
241005-f6sdmascmc
-
MD5
f4faa69a82d143f8eb6a35b03b1290ce
-
SHA1
8d9afef4a89824607b501f62479fd149b995ae60
-
SHA256
e60950c48d22951262d707a01fd5164ccafa0f37f7db68905b58088f15d6ad5a
-
SHA512
e3d282f4cec0df9227fc933219b9dc0aaf84d9996d7f2ce1e8014fb5e4717f39ecb0738f2966ef97fda76a51fd3cc1a28f0db13aacf6d4d6abe12c1f33756188
-
SSDEEP
196608:9VEk1CtNm+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6+lmGPFQwWBHlAC7O:jEk1Ct32XMCHWUjAjx5WsqWxT9lQw8le
Behavioral task
behavioral1
Sample
RepulseExecuter.exe
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
cstealer.pyc
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
RepulseExecuter.exe
-
Size
10.3MB
-
MD5
f4faa69a82d143f8eb6a35b03b1290ce
-
SHA1
8d9afef4a89824607b501f62479fd149b995ae60
-
SHA256
e60950c48d22951262d707a01fd5164ccafa0f37f7db68905b58088f15d6ad5a
-
SHA512
e3d282f4cec0df9227fc933219b9dc0aaf84d9996d7f2ce1e8014fb5e4717f39ecb0738f2966ef97fda76a51fd3cc1a28f0db13aacf6d4d6abe12c1f33756188
-
SSDEEP
196608:9VEk1CtNm+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6+lmGPFQwWBHlAC7O:jEk1Ct32XMCHWUjAjx5WsqWxT9lQw8le
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
cstealer.pyc
-
Size
67KB
-
MD5
952b886b60ecd894cb4d4c7148be9532
-
SHA1
8bcab3195e8bd992c1e411ed1634498bdf790888
-
SHA256
f30faec52d14397681a5dbb71c3f3174f14937fd212aefd16ff18bf782baa006
-
SHA512
74ae725219f9fa240d469076fd734796e5101363c3ff410c65ad0a099153d521f991d540ddb0d41f6578ce701d0848b03826458126da675b669434dad1eba152
-
SSDEEP
1536:gNoqOgufxjWhJl9s7bo88qLyQQOtJUYVy4ZRhen:g0NfAAbo88IkO4gy4ZRe
Score3/10 -