Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Spoofer.zip

windows7-x64

1

Spoofer.zip

windows10-2004-x64

1

Spoofer/Spoofer.exe

windows7-x64

7

Spoofer/Spoofer.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

19/10/2024, 20:28

241019-y9crfsygrq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Spoofer.zip

  • Size

    76.5MB

  • Sample

    241019-y9crfsygrq

  • MD5

    758fcab78b3ebaef35e19967c4257065

  • SHA1

    f69baf42f3cc916e51779a1299e6ac831db327a1

  • SHA256

    9644e499266c4a5f046b661effc63c95cdf161ba31b481c40d6fb012733ef680

  • SHA512

    f911e8b096fd7ffe55e553b6510ed68d1a99313b45aadb6c0f71fc65eda40fa309e61a20c279349c57f8e888b94138a7d9b71b5e451f32f719e184072c33b248

  • SSDEEP

    1572864:3AcmPPZdNCtAlavcmpggH9JNjaQXJX2GlY2mZq0rvLXhJXX3701iFQ0YtN1Co:3AxPAWla8wzdX/ljiqIzoCcn

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Spoofer.zip

    • Size

      76.5MB

    • MD5

      758fcab78b3ebaef35e19967c4257065

    • SHA1

      f69baf42f3cc916e51779a1299e6ac831db327a1

    • SHA256

      9644e499266c4a5f046b661effc63c95cdf161ba31b481c40d6fb012733ef680

    • SHA512

      f911e8b096fd7ffe55e553b6510ed68d1a99313b45aadb6c0f71fc65eda40fa309e61a20c279349c57f8e888b94138a7d9b71b5e451f32f719e184072c33b248

    • SSDEEP

      1572864:3AcmPPZdNCtAlavcmpggH9JNjaQXJX2GlY2mZq0rvLXhJXX3701iFQ0YtN1Co:3AxPAWla8wzdX/ljiqIzoCcn

    Score
    1/10
    behavioral1behavioral2

    • Target

      Spoofer/Spoofer.exe

    • Size

      76.8MB

    • MD5

      259ebae45c96b2c72f2869236e64fa37

    • SHA1

      3f15c7b2235684ac2fda90141737028b4297280c

    • SHA256

      c448ebd8f3cdc7981bfab0cb15060fff0ffbd1e3c9029350dc6e4dab6789eef0

    • SHA512

      2a5e182d78b097a1aabd258cc9bcd0e091da592313324dcf674d023befd9d95c85d77d88d56ca167e0b880dafd114c803192be705f293a3fb4bc0d181109b051

    • SSDEEP

      1572864:d1lBWPY0ASk8IpG7V+VPhqYdIFE7vlhNiYweyJulZUdgErleqfaqZ9Uu:d1zbSkB05awcIeLapuwrd9U

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      discord_token_grabber.pyc

    • Size

      16KB

    • MD5

      725de9fcbbafc763e52c1890229e95d3

    • SHA1

      9f706ed61c350f634c1219a450680d8d943fab94

    • SHA256

      61a871eed93301374ff8242c30e7da5ef568ba1fdd612482a0bba99583ae675f

    • SHA512

      993ec6762f902ccd8753ce64a045717255aa63d7af58f0e38f997e4433ff302581479ef83a2bf0faba768981d2e471b01071de7373894fc506716571ba61e56a

    • SSDEEP

      384:nGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:nGCuvk8WltcrttQ5saaCsVA

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      c9a26682b507d80f6293b7812712a656

    • SHA1

      08717581287f9ce3ce45620b65bf9af9388bd56d

    • SHA256

      977c728a338029209993bdea34d5476491be08fedcdc4d9810aa477e26118638

    • SHA512

      54eeb20ea0cf309fa5eb31b3f37318e07965217f6f8adc8b1ba2cef8c7559db82792b8470f44e8989efde29b31b13e79d97c6c9a6549e765190336edbc4c02c7

    • SSDEEP

      192:lNal3eiNis9QfUFoxJvm79F211G67+PtAhN:lJiB2lrj7jKlAhN

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      f450829addc19ea4da350682ab197177

    • SHA1

      d945d4aeb21e9aa3b995c05afa4ae9310427b664

    • SHA256

      5d285150443c750bb0b68da4cc87732b81703e9665f719247a0ee62bd9482ca6

    • SHA512

      645a11a031c4872b378201555a1c2a0aaa5537cb83d9a98028f09dbcfac527b691b8ef417b616ad2a7ce3d2920f4081fbd8dd201e83db74dacb01615510d15bb

    • SSDEEP

      96:XSMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:iolvJ0evq+VBXZGh4vmV1kFhub

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      7d2e86e5d8afcff3d134f866f33d836c

    • SHA1

      1791cfa048717d69f51c56ecf63f5047b088532d

    • SHA256

      30c7051140e658b94573f4fd7bcdfcef0ac6e54aec22a69220632437f6f465cd

    • SHA512

      555fb2eafcb4a9d5762608396969d635e6d260f50089e1bc949a2c37aa6531526ee8c3e365e10b88b04b5afb966d3d112e5bbcf4414e4ffef305c1fbb61dbc5b

    • SSDEEP

      192:A114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:64qWLfMtzVxDAEW7

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      source_prepared.pyc

    • Size

      173KB

    • MD5

      558bb736f320b25ca0f52047fb35bd33

    • SHA1

      3393e0ee3f329b4d5a8ec39d9c4e042bef47d289

    • SHA256

      001d7b31e4c20a34fbfef8da7c45635f897d2c53943aae1f55cdad941bb53845

    • SHA512

      af1f6e5cab4f26eec13e5cff341be3a88287c2d1bc9b6700c70877f973dc734803d2f0310bf014381bbeead983c81c821d721bf5d21bcf0e7746568a8a0a4c6b

    • SSDEEP

      3072:jryLs0aOO9161OzsAo6PZTJ0pZyScWaQV+0YIvdXzAsTWu:jrws0aOO916FAoZpL9E0CsP

    Score
    3/10
    discovery
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks