Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d99f4643fa07fa48ee5c7e700b0fd033.bin
-
Size
7.2MB
-
Sample
241105-zkvreaxpas
-
MD5
e63e6de59afaabf9a3e5c77651dded72
-
SHA1
7413091279b6cb1412863bf00ddc10004a1babc5
-
SHA256
2759da6727291b8941a0675d5352ea1fad153ffd9f0bd447a0a96433ac94a906
-
SHA512
d80400bb46871fc1c3a9b62e09eb7ff4d67a791aba193c053116020968f829dc02c9a7a4099306fb766aa38041e82bd03763a12593627a81eb175dfdbad016bc
-
SSDEEP
98304:/Y+2dvGFB3zT9PcX5/jAwoglm+0/fCn7CF53p0xLbiaXnqmgW08nq/TrGiuOuKtU:/Yr8FPc5/bmvfCnmFq6aXeW0ySdI4yr
Malware Config
Targets
-
-
Target
06b28a3a05f98b3172eee3f990e1e1c3f8d51d68a39f93db09e01fd2c70439d3.exe
-
Size
7.3MB
-
MD5
d99f4643fa07fa48ee5c7e700b0fd033
-
SHA1
139f0f1734c268d9fe5154421ca1d6b6db5ffd4a
-
SHA256
06b28a3a05f98b3172eee3f990e1e1c3f8d51d68a39f93db09e01fd2c70439d3
-
SHA512
18420badfdac5fcd3b9c8d9b5e4cf364f686d59e22ad3ff44b599d40d3750740e06b63b5e4b52c2c2cae07ac244705dc412828dfcda5aff64bb4cc33a3458ab8
-
SSDEEP
196608:Am8PDiLjv+bhqNVoB0SEsucQZ41JBbIg11tdJG:Z8PaL+9qz80SJHQK1JV1vDG
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-