Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RTC_Launcher.exe
-
Size
758KB
-
Sample
241014-pyd1pszhkk
-
MD5
cb1929328dea316fcb34f3486697d16e
-
SHA1
8c2db8d4b4644cb356a9283b2fa7bb6a988a5d7b
-
SHA256
7a3deffc327b1e49cbc95dc4c41f1f4c0fd55825cc7c18fd06b96a900e0bf5f9
-
SHA512
90ef1cc19c01c1c0b2b4b802e88d622ff07ffc91273350200cd0589e6acabb63634af2883f6cae554dacab0f401b4294d13291707507c6fa035c282214fc6a28
-
SSDEEP
12288:qOBl28ZdfrXg+JwuKt/S/605bsrv0QXIRHE:zfw+Jwz/S/6Rv0wUk
Malware Config
Targets
-
-
Target
RTC_Launcher.exe
-
Size
758KB
-
MD5
cb1929328dea316fcb34f3486697d16e
-
SHA1
8c2db8d4b4644cb356a9283b2fa7bb6a988a5d7b
-
SHA256
7a3deffc327b1e49cbc95dc4c41f1f4c0fd55825cc7c18fd06b96a900e0bf5f9
-
SHA512
90ef1cc19c01c1c0b2b4b802e88d622ff07ffc91273350200cd0589e6acabb63634af2883f6cae554dacab0f401b4294d13291707507c6fa035c282214fc6a28
-
SSDEEP
12288:qOBl28ZdfrXg+JwuKt/S/605bsrv0QXIRHE:zfw+Jwz/S/6Rv0wUk
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-