Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Built.exe
-
Size
6.9MB
-
Sample
241029-dvlets1qhm
-
MD5
b37054c3fd36d881c77d8405a7a4f8b3
-
SHA1
6940fcee6576c884ec8db5e1bfbafdeb88e41af2
-
SHA256
e23c471ae9c60d40aa180bc5c7596cc5c301a03dc14b7a460a7cd7e5a0623b34
-
SHA512
f40d330ebb223b2697d1086ab5417556799d79850b40c7f7256864d49964abbdf49f59ae3e801e3faa2b0e93c90143f1bd874cc40d108c689d00edaf52bab608
-
SSDEEP
98304:OaDjWM8JEE1FxhgamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIr:Oa0rzeNTfm/pf+xk4dWRpmrbW3jmr
Malware Config
Targets
-
-
Target
Built.exe
-
Size
6.9MB
-
MD5
b37054c3fd36d881c77d8405a7a4f8b3
-
SHA1
6940fcee6576c884ec8db5e1bfbafdeb88e41af2
-
SHA256
e23c471ae9c60d40aa180bc5c7596cc5c301a03dc14b7a460a7cd7e5a0623b34
-
SHA512
f40d330ebb223b2697d1086ab5417556799d79850b40c7f7256864d49964abbdf49f59ae3e801e3faa2b0e93c90143f1bd874cc40d108c689d00edaf52bab608
-
SSDEEP
98304:OaDjWM8JEE1FxhgamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIr:Oa0rzeNTfm/pf+xk4dWRpmrbW3jmr
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-