Resubmissions
07/12/2024, 03:49 241207-edgkzszrdj 10
04/12/2024, 22:38 241204-2kv4aa1jgn 10
04/12/2024, 20:49 241204-zl1ztawnfk 10
04/12/2024, 20:48 241204-zlmgeszrbt 10
04/12/2024, 19:23 241204-x3662sspbq 10
04/12/2024, 19:14 241204-xxpd2sslem 10
19/07/2024, 04:07 240719-epssdsvgkf 10
17/07/2024, 17:11 240717-vqak7szhjl 10
Behavioral task
behavioral1
Sample
RIP_YOUR_PC_LOL.exe
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral2
Sample
RIP_YOUR_PC_LOL.exe
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral3
Sample
RIP_YOUR_PC_LOL.exe
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral4
Sample
RIP_YOUR_PC_LOL.exe
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral5
Sample
RIP_YOUR_PC_LOL.exe
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral6
Sample
RIP_YOUR_PC_LOL.exe
Resource
ubuntu2204-amd64-20240729-en
Behavioral task
behavioral7
Sample
RIP_YOUR_PC_LOL.exe
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
RIP_YOUR_PC_LOL.exe
-
Size
22.5MB
-
MD5
52867174362410d63215d78e708103ea
-
SHA1
7ae4e1048e4463a4201bdeaf224c5b6face681bf
-
SHA256
37d8e1ce3b6e6488942717aa78cb54785edc985143bcc8d9ba9f42d73a3dbd7a
-
SHA512
89e17e147d3f073e479e85d0b0321f6264bbc2aa84c930ed645e8f5cde3f1e58812c3db1ba0f10bee6ce7ac0731e1e3de6747a9b3c4d63a564dd8d904bd726ab
-
SSDEEP
393216:HJLgf7BPkdKzrZciLxv8naSNtPr5rn57M84UTB9xO5/VWvJKJPkwdnfZ4y5SDkFV:poBPQwxMR7pn5qUTB9xOFVWvJKJPkwd9
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Nanocore family
-
Njrat family
-
Detected Nirsoft tools 1 IoCs
Free utilities often used by attackers which can steal passwords, product keys, etc.
resource yara_rule sample Nirsoft -
NirSoft MailPassView 1 IoCs
Password recovery tool for various email clients
resource yara_rule sample MailPassView -
NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers
resource yara_rule sample WebBrowserPassView -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RIP_YOUR_PC_LOL.exe
Files
-
RIP_YOUR_PC_LOL.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 22.5MB - Virtual size: 22.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ