Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    75.8MB

  • Sample

    241209-ve9adsvjds

  • MD5

    d27e151891d42caa195199b77e843d88

  • SHA1

    c76fe47384a52c88a9fa044b4a194f86a5dfefba

  • SHA256

    b6bf856f34b8bb5db46680c7cfed3ca4a8fbd0b170c9640a17242ca3f2833563

  • SHA512

    b8909a66514a06aafcc14c8814265bd6d321297a99bd2d361b8ef932fe58be653b4e123e73d3dcf658c35f78d5ba65f14c9bca696fcbcdb563027641ca297f50

  • SSDEEP

    1572864:O8Vl1xWyomcSk8IpG7V+VPhqIUE7WSlKiRiY4MHHLeqPNLtDJ67Z7YG4:OKdjomcSkB05awIASMiOMHVLtN67O

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      75.8MB

    • MD5

      d27e151891d42caa195199b77e843d88

    • SHA1

      c76fe47384a52c88a9fa044b4a194f86a5dfefba

    • SHA256

      b6bf856f34b8bb5db46680c7cfed3ca4a8fbd0b170c9640a17242ca3f2833563

    • SHA512

      b8909a66514a06aafcc14c8814265bd6d321297a99bd2d361b8ef932fe58be653b4e123e73d3dcf658c35f78d5ba65f14c9bca696fcbcdb563027641ca297f50

    • SSDEEP

      1572864:O8Vl1xWyomcSk8IpG7V+VPhqIUE7WSlKiRiY4MHHLeqPNLtDJ67Z7YG4:OKdjomcSkB05awIASMiOMHVLtN67O

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      8KB

    • MD5

      6b2aaa23f9b67dca5fa0efd9d96e9060

    • SHA1

      07293442aa33cbc0afc1b69af287b1fede2e9a70

    • SHA256

      f49ba791814001b3d4101685bfebb635cdaf3103407a08171bb5d6bbe3e79c77

    • SHA512

      bcd7b41e7758b30954b0e24db5d53d3d904b6c4b9a5105bd33e5dddddb310614cc09a028d0cd8ccb6a272ce5eba0e9142a1cc36ec848b54fb99b695752b5e20d

    • SSDEEP

      192:ESB7osP1MJaugwXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavwTqacyq35D0Fnv

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      5KB

    • MD5

      2754e3152f668e31fccca7b6f275716b

    • SHA1

      e9ed74d679a96372c4457e72bc6639a4d96a2378

    • SHA256

      f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca

    • SHA512

      a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47

    • SSDEEP

      96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94

    Score
    3/10
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      2KB

    • MD5

      bcb404423ac51f798753e8d11e401071

    • SHA1

      9080018dae3aa157e3a97904c86af06d4a0a6873

    • SHA256

      572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a

    • SHA512

      25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      4KB

    • MD5

      8b9cbd29c3dfec519a4313b1b7a0069b

    • SHA1

      5efb073593bc8908a7514dad78673c9d65344a6f

    • SHA256

      589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3

    • SHA512

      c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd

    • SSDEEP

      96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      63KB

    • MD5

      d496908f2af2b21e580782c4fcdb501c

    • SHA1

      2bf7acb4d26fdafb6c58bd44a0810625d970eab7

    • SHA256

      5817900131220625cfcd39347345110c00bad6d6e5520f18ae86b34abbc6767b

    • SHA512

      b694a9454603275bcf808b451ed05881536433ad238166254e81e775b1396520d78fdc96a2c917fd76de8adfaefc3b7005089aa3b611c4b0317e848b6e7885bd

    • SSDEEP

      768:cpkAlgVgwl6BRPLUJju4TFch+eXZldsN4uJ3EcUFNS9PSd5zcooVUgqqNwb1Lvqr:ctgVgBPIRTFxikqcUFqOIooVNwtS7f

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.