General
Target: FNCheet.zip
Size: 8.9MB
Sample: 241221-sqetta1rcy
MD5: 8bd03a713e1afffbaace59f5bd3bfc8a
SHA1: 72b58d2a6ad4f439acdb3190195fe6577004fecd
SHA256: 36af0cc23a92c08b0c6d53e92145d2c6786acbd14ec52f7043366887784e34e1
SHA512: 355691b93a59ac86a9587ec75c0d05b05eba10092305b612349dca19628dac1f987d34bfce3daeba732e6ee5d7a9596b6d65fdcfedaaff3fe54089d66dff2651
SSDEEP: 196608:+Y7I+cFmI1pvQDaRFiKaftiHgiFFbiVTpGHefusZD8cBUdkl45Sulqbn:+II+FI16DaRe8Hg2tibGHQx8cik+jqbn
Static task: static1
Behavioral task: behavioral1 (Sample: READ_ME.txt, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: READ_ME.txt, Resource: win10v2004-20241007-en)
Behavioral task: behavioral3 (Sample: voidgui (reworked).exe, Resource: win7-20240903-en)
Behavioral task: behavioral4 (Sample: voidgui (reworked).exe, Resource: win10v2004-20241007-en)
Malware Config
Targets
Target: READ_ME.txt
Size: 163B
MD5: c6bbeec925f83b15c8b1ccf3361ffef0
SHA1: 862ed0fac860a271d603bb01ae379e76bdd351c7
SHA256: ffbb28aec76dd4c016e66b6fff83fd96b916a94af2ab6a8b35032c4d279f1805
SHA512: 2dea447a3528aa89143df3acd7d72e8a66a185d6e7757ee98cf1daeb43a122654d3ccd47079c087298ab5b2d8a56bec9d66781ef7053a5b9fc3f337d01a94e48
Score: 9/10
Detected Nirsoft tools: free utilities often used by attackers which can steal passwords, product keys, etc.
NirSoft WebBrowserPassView: password recovery tool for various web browsers
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: voidgui (reworked).exe
Size: 9.0MB
MD5: 1bcb20142ad3f985537b99358ce2579c
SHA1: 8412515b5cd26b4bb7fc93b7efee09e27d102cac
SHA256: 235c3b48571ff4ab89ee0cf5751f2eb9ca36a7e92d62d7086cf5425f73337d05
SHA512: 40c54e682137ff392fba6528db05b380328f122b22f1c6dba7e62e690acc645d7aef6403803aa1ce5d7ce7c14924225f96b16c6151596f75e9ad964ec038fb43
SSDEEP: 196608:1s1CmCT6hHDQw65RWys5PONEqJ7jgb1NaPfXQ+zT2a3GLwD+hAAF05:14CmfhEw65c8NEongnaPRX2aqwiF05
Score: 9/10
Detected Nirsoft tools: free utilities often used by attackers which can steal passwords, product keys, etc.
NirSoft WebBrowserPassView: password recovery tool for various web browsers
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)