General
- Target: lGxCmyo.exe
- Size: 6.3MB
- Sample: 250131-zhtrbsymer
- MD5: 8b566fdf77f5acf29c6c5bd2d52eacab
- SHA1: 19842502be7711f7e4d303c71184dc0b2ac05798
- SHA256: 4dcab4dff066a113b9f2cea94b1b21837cf92f0874eb3c4fc166824546ff5271
- SHA512: d3e12e3a8f5593a8e7eb7c78c0b27e1a2b9ba229a2ab4ff14675589617a43185a9bea8ffa4b26586e9744b39b657d143645f76bcac21f20fbab45509998c1ff6
- SSDEEP: 98304:ijcIruEVC6IEq9Vyn//5gcllxt3bzBoUv6aQ/BDyZeut1BDjRhh:WDCjTA//5gcllfrNJ6jBGwutlhh
Behavioral task: behavioral1
- Sample: lGxCmyo.exe
- Resource: win7-20241023-en

Behavioral task: behavioral2
- Sample: lGxCmyo.exe
- Resource: win10v2004-20250129-en
Malware Config

Targets
- Target: lGxCmyo.exe
- Size: 6.3MB
- MD5: 8b566fdf77f5acf29c6c5bd2d52eacab
- SHA1: 19842502be7711f7e4d303c71184dc0b2ac05798
- SHA256: 4dcab4dff066a113b9f2cea94b1b21837cf92f0874eb3c4fc166824546ff5271
- SHA512: d3e12e3a8f5593a8e7eb7c78c0b27e1a2b9ba229a2ab4ff14675589617a43185a9bea8ffa4b26586e9744b39b657d143645f76bcac21f20fbab45509998c1ff6
- SSDEEP: 98304:ijcIruEVC6IEq9Vyn//5gcllxt3bzBoUv6aQ/BDyZeut1BDjRhh:WDCjTA//5gcllfrNJ6jBGwutlhh
Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15

Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Obfuscated Files or Information (1)
  - Command Obfuscation (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)