Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
xray.exe
-
Size
5.9MB
-
Sample
250111-jhgtrstnhp
-
MD5
08eca9171f36a8870b914cc3483289ad
-
SHA1
ad19c17528e1729fcc886b81a75459fa166e8333
-
SHA256
be86be2ed524d887a9fb5915be201c5f45c8fb40cac116b3156fca4c65e562be
-
SHA512
4771a72151ddafd37c06bbf1e3c4f4a4a0273bf37aac5fc2827aad15a30eee86793885450b8fbb0b368bf752770032340ccc5a570383deb8679577442b205b72
-
SSDEEP
98304:GEmoDUN43Wlmk3ZjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6aitMr:GEumWzOjmFwDRxtYSHdK34kdai7bN3ml
Behavioral task
behavioral1
Sample
xray.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
xray.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
xray.exe
-
Size
5.9MB
-
MD5
08eca9171f36a8870b914cc3483289ad
-
SHA1
ad19c17528e1729fcc886b81a75459fa166e8333
-
SHA256
be86be2ed524d887a9fb5915be201c5f45c8fb40cac116b3156fca4c65e562be
-
SHA512
4771a72151ddafd37c06bbf1e3c4f4a4a0273bf37aac5fc2827aad15a30eee86793885450b8fbb0b368bf752770032340ccc5a570383deb8679577442b205b72
-
SSDEEP
98304:GEmoDUN43Wlmk3ZjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6aitMr:GEumWzOjmFwDRxtYSHdK34kdai7bN3ml
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3