General

  • Target

    FNCheet.zip

  • Size

    8.9MB

  • Sample

    241221-sqetta1rcy

  • MD5

    8bd03a713e1afffbaace59f5bd3bfc8a

  • SHA1

    72b58d2a6ad4f439acdb3190195fe6577004fecd

  • SHA256

    36af0cc23a92c08b0c6d53e92145d2c6786acbd14ec52f7043366887784e34e1

  • SHA512

    355691b93a59ac86a9587ec75c0d05b05eba10092305b612349dca19628dac1f987d34bfce3daeba732e6ee5d7a9596b6d65fdcfedaaff3fe54089d66dff2651

  • SSDEEP

    196608:+Y7I+cFmI1pvQDaRFiKaftiHgiFFbiVTpGHefusZD8cBUdkl45Sulqbn:+II+FI16DaRe8Hg2tibGHQx8cik+jqbn

Targets

    • Target

      READ_ME.txt

    • Size

      163B

    • MD5

      c6bbeec925f83b15c8b1ccf3361ffef0

    • SHA1

      862ed0fac860a271d603bb01ae379e76bdd351c7

    • SHA256

      ffbb28aec76dd4c016e66b6fff83fd96b916a94af2ab6a8b35032c4d279f1805

    • SHA512

      2dea447a3528aa89143df3acd7d72e8a66a185d6e7757ee98cf1daeb43a122654d3ccd47079c087298ab5b2d8a56bec9d66781ef7053a5b9fc3f337d01a94e48

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      voidgui (reworked).exe

    • Size

      9.0MB

    • MD5

      1bcb20142ad3f985537b99358ce2579c

    • SHA1

      8412515b5cd26b4bb7fc93b7efee09e27d102cac

    • SHA256

      235c3b48571ff4ab89ee0cf5751f2eb9ca36a7e92d62d7086cf5425f73337d05

    • SHA512

      40c54e682137ff392fba6528db05b380328f122b22f1c6dba7e62e690acc645d7aef6403803aa1ce5d7ce7c14924225f96b16c6151596f75e9ad964ec038fb43

    • SSDEEP

      196608:1s1CmCT6hHDQw65RWys5PONEqJ7jgb1NaPfXQ+zT2a3GLwD+hAAF05:14CmfhEw65c8NEongnaPRX2aqwiF05

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
