General
Target: built.exe
Size: 8.3MB
Sample: 241009-zsc7bsybmb
MD5: 6e2668a6fe1448dd9a4bb6636e4eaf9e
SHA1: 947f1db5b80e1c70a075f09a8c540352dfedbf78
SHA256: 1efa756a38ef52f02ab9a094e207e3b79b9dea2e50225cf1af8995427a4b8f0b
SHA512: 542cb59afa5575c4a1af348f63e5bfd5a8dfc776646deb002e49e6381c04e28f9e40358cf68b6a2495dbc18cb73768bd3bffe54160146e2b2d8a8ef1684accf6
SSDEEP: 196608:qe1uY4wfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/jV:PpIHziK1piXLGVE4UrS0VJx
Malware Config
Targets
Target: built.exe
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Enumerates processes with tasklist