Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10Spoofer.zip
windows7-x64
1Spoofer.zip
windows10-2004-x64
1Spoofer/Spoofer.exe
windows7-x64
7Spoofer/Spoofer.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3Resubmissions
19/10/2024, 20:28
241019-y9crfsygrq 10General
-
Target
Spoofer.zip
-
Size
76.5MB
-
Sample
241019-y9crfsygrq
-
MD5
758fcab78b3ebaef35e19967c4257065
-
SHA1
f69baf42f3cc916e51779a1299e6ac831db327a1
-
SHA256
9644e499266c4a5f046b661effc63c95cdf161ba31b481c40d6fb012733ef680
-
SHA512
f911e8b096fd7ffe55e553b6510ed68d1a99313b45aadb6c0f71fc65eda40fa309e61a20c279349c57f8e888b94138a7d9b71b5e451f32f719e184072c33b248
-
SSDEEP
1572864:3AcmPPZdNCtAlavcmpggH9JNjaQXJX2GlY2mZq0rvLXhJXX3701iFQ0YtN1Co:3AxPAWla8wzdX/ljiqIzoCcn
Behavioral task
behavioral1
Sample
Spoofer.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Spoofer.zip
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Spoofer/Spoofer.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Spoofer/Spoofer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
discord_token_grabber.pyc
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
discord_token_grabber.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
get_cookies.pyc
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
get_cookies.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
misc.pyc
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
misc.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
passwords_grabber.pyc
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
passwords_grabber.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
source_prepared.pyc
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
source_prepared.pyc
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Spoofer.zip
-
Size
76.5MB
-
MD5
758fcab78b3ebaef35e19967c4257065
-
SHA1
f69baf42f3cc916e51779a1299e6ac831db327a1
-
SHA256
9644e499266c4a5f046b661effc63c95cdf161ba31b481c40d6fb012733ef680
-
SHA512
f911e8b096fd7ffe55e553b6510ed68d1a99313b45aadb6c0f71fc65eda40fa309e61a20c279349c57f8e888b94138a7d9b71b5e451f32f719e184072c33b248
-
SSDEEP
1572864:3AcmPPZdNCtAlavcmpggH9JNjaQXJX2GlY2mZq0rvLXhJXX3701iFQ0YtN1Co:3AxPAWla8wzdX/ljiqIzoCcn
Score1/10 -
-
-
Target
Spoofer/Spoofer.exe
-
Size
76.8MB
-
MD5
259ebae45c96b2c72f2869236e64fa37
-
SHA1
3f15c7b2235684ac2fda90141737028b4297280c
-
SHA256
c448ebd8f3cdc7981bfab0cb15060fff0ffbd1e3c9029350dc6e4dab6789eef0
-
SHA512
2a5e182d78b097a1aabd258cc9bcd0e091da592313324dcf674d023befd9d95c85d77d88d56ca167e0b880dafd114c803192be705f293a3fb4bc0d181109b051
-
SSDEEP
1572864:d1lBWPY0ASk8IpG7V+VPhqYdIFE7vlhNiYweyJulZUdgErleqfaqZ9Uu:d1zbSkB05awcIeLapuwrd9U
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
16KB
-
MD5
725de9fcbbafc763e52c1890229e95d3
-
SHA1
9f706ed61c350f634c1219a450680d8d943fab94
-
SHA256
61a871eed93301374ff8242c30e7da5ef568ba1fdd612482a0bba99583ae675f
-
SHA512
993ec6762f902ccd8753ce64a045717255aa63d7af58f0e38f997e4433ff302581479ef83a2bf0faba768981d2e471b01071de7373894fc506716571ba61e56a
-
SSDEEP
384:nGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:nGCuvk8WltcrttQ5saaCsVA
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
9KB
-
MD5
c9a26682b507d80f6293b7812712a656
-
SHA1
08717581287f9ce3ce45620b65bf9af9388bd56d
-
SHA256
977c728a338029209993bdea34d5476491be08fedcdc4d9810aa477e26118638
-
SHA512
54eeb20ea0cf309fa5eb31b3f37318e07965217f6f8adc8b1ba2cef8c7559db82792b8470f44e8989efde29b31b13e79d97c6c9a6549e765190336edbc4c02c7
-
SSDEEP
192:lNal3eiNis9QfUFoxJvm79F211G67+PtAhN:lJiB2lrj7jKlAhN
Score3/10 -
-
-
Target
misc.pyc
-
Size
4KB
-
MD5
f450829addc19ea4da350682ab197177
-
SHA1
d945d4aeb21e9aa3b995c05afa4ae9310427b664
-
SHA256
5d285150443c750bb0b68da4cc87732b81703e9665f719247a0ee62bd9482ca6
-
SHA512
645a11a031c4872b378201555a1c2a0aaa5537cb83d9a98028f09dbcfac527b691b8ef417b616ad2a7ce3d2920f4081fbd8dd201e83db74dacb01615510d15bb
-
SSDEEP
96:XSMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:iolvJ0evq+VBXZGh4vmV1kFhub
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
7KB
-
MD5
7d2e86e5d8afcff3d134f866f33d836c
-
SHA1
1791cfa048717d69f51c56ecf63f5047b088532d
-
SHA256
30c7051140e658b94573f4fd7bcdfcef0ac6e54aec22a69220632437f6f465cd
-
SHA512
555fb2eafcb4a9d5762608396969d635e6d260f50089e1bc949a2c37aa6531526ee8c3e365e10b88b04b5afb966d3d112e5bbcf4414e4ffef305c1fbb61dbc5b
-
SSDEEP
192:A114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:64qWLfMtzVxDAEW7
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
173KB
-
MD5
558bb736f320b25ca0f52047fb35bd33
-
SHA1
3393e0ee3f329b4d5a8ec39d9c4e042bef47d289
-
SHA256
001d7b31e4c20a34fbfef8da7c45635f897d2c53943aae1f55cdad941bb53845
-
SHA512
af1f6e5cab4f26eec13e5cff341be3a88287c2d1bc9b6700c70877f973dc734803d2f0310bf014381bbeead983c81c821d721bf5d21bcf0e7746568a8a0a4c6b
-
SSDEEP
3072:jryLs0aOO9161OzsAo6PZTJ0pZyScWaQV+0YIvdXzAsTWu:jrws0aOO916FAoZpL9E0CsP
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1