General
-
Target
doc_37880002.pdf
-
Size
106KB
-
Sample
250114-qhwfgsynew
-
MD5
3591e51a3d3bc00fb3fe112b95b7b886
-
SHA1
f3f17fdab3631066606a6c5d88dfbae794e91173
-
SHA256
08c87857828af2165bd0cfe495743fe3f22532effecebbfaf352e30bf71b3bd6
-
SHA512
0cf07eec388fc5e8164b8108ac9ac80cdade1b56f73003a62dab578416a3e40ba2ce509933e5d8e885c366069086d4d31e578f8c39a33f2c1f34d8b549acfcd5
-
SSDEEP
1536:ApN8HZDyLYoWGs5pRis0/4D9UbMHxa/NjN+aZZYx06DTyQHFwjV9wyOaMIe1RS9Q:QmjGs5is0DbJ/JnZZY/DTgJxBej
Behavioral task
behavioral1
Sample
doc_37880002.pdf
Resource
win10ltsc2021-20250113-en
Malware Config
Targets
-
-
Target
doc_37880002.pdf
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Netsupport family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-