General
Target: Ps99 Duplicator.zip
Size: 258KB
Sample: 250107-h3thmasker
MD5: 26ba0e85f98647442f6f3fb68c5a0fbf
SHA1: d5637ffbff40d7e50ba2aec434bcac7219e2cdab
SHA256: add4313bc558d395b550227f6b1e6873ffb1cbb23e146fa3e6f195390439d0db
SHA512: 292702747a302a3f8b8b54705a51049e0b09438bf20edae9cb52bdda6f3abf536477babcc37b37d499c4649562c932ee6bfbfe616094a14c2286852bb6a85109
SSDEEP: 6144:Nsn8pQzs97L3co0N7JfgQph55c1HlrCBadBlMO1+9h7xR:6bBnN7JIQaHoC3M9h7j
Behavioral task
behavioral1
Sample: Ps99 Duplicator.exe
Resource: win7-20241010-en
Malware Config
Extracted
lumma
Targets
Target: Ps99 Duplicator.exe
Size: 507KB
MD5: 0b302e592f1cc0c5c10c15dbe7e7769d
SHA1: 385e8478c5d84b41578bfddba235df3216ba9536
SHA256: d3c1cad594dc1780682c5360491589898c91a51732c78a66e2a41b0cb35b7d05
SHA512: 20157b3cebd76db9d7ad7c32a1baede94bd656d75c2e29a9b9409a28ea89176cc68f8cc9acd46c701e4e38044c2d45585e7c930e42c16ce4fa994679ee4a6747
SSDEEP: 12288:Flz+rW2k8wcin+TQj+PmrvW03cgzG9zl:bz+rQ8wcinWa+e
Lumma family
Loads dropped DLL
Suspicious use of SetThreadContext