Resubmissions

  • 11/03/2025, 16:30 UTC  250311-tz8zpaxrz2  10
  • 11/03/2025, 16:06 UTC  250311-tkc9gaxm16  10
  • 11/03/2025, 16:06 UTC  250311-tj3sqsxm13  10
  • 10/03/2025, 17:34 UTC  250310-v5yatasnz9  10
  • 20/02/2025, 10:50 UTC  250220-mw8festjaz  10
  • 20/02/2025, 10:49 UTC  250220-mw12cavpw6  10
  • 16/02/2025, 02:33 UTC  250216-c1244ayjc1  10
  • 16/02/2025, 02:26 UTC  250216-cw6xgsxldq  10
  • 12/02/2025, 14:54 UTC  250212-r9zgwswmej  10
  • 12/02/2025, 14:27 UTC  250212-rsdtvsvqet  10

Errors

  • Reason: config extraction: IcedidFirstLoader: EOF

General

  • Target

    beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9

  • Size

    8.5MB

  • MD5

    2d690d32e637c43a18aa8f4f2fd28e48

  • SHA1

    f8a5f75a34d2751c0e7195cd4adabddc1ece465e

  • SHA256

    beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9

  • SHA512

    2641192c4ebb0a66fdf6a9be16ccfc38a4cd98a32467d5b6e719c73b2893a28888b7c9c77d3db3a0d2e93d14408081bdc92238dc3a5b1479229843f354c7305e

  • SSDEEP

    196608:exCyu9hdCjcHsm2gTEE/OBBZVaMKb0QqNnJi6lWzVYK5P6qwpxFlWavvy7:ervy

Malware Config

Signatures

  • BlackNET payload 1 IoCs
  • Blacknet family
  • Blister family
  • Detect Blister loader x32 1 IoCs
  • Detect KandyKorn payload 1 IoCs
  • Detect XtremeRAT payload 1 IoCs
  • Detected Mount Locker ransomware 1 IoCs
  • Detects PseudoManuscrypt payload 1 IoCs
  • Detects Zeppelin payload 1 IoCs
  • Dridex family
  • Guloader family
  • Guloader payload 1 IoCs
  • HelloKitty ELF 1 IoCs
  • Hellokitty family
  • Kandykorn family
  • LoaderBot executable 1 IoCs
  • Loaderbot family
  • MassLogger log file 1 IoCs

    Detects a log file produced by MassLogger.

  • Masslogger family
  • Merlin family
  • Merlin payload 1 IoCs
  • Mimikatz family
  • Mountlocker family
  • Nefilim family
  • Nefilim ransomware executable 1 IoCs

    File contains patterns typical of Nefilim samples.

  • NetFilter Dropper 1 IoCs
  • NetFilter payload 1 IoCs
  • NetWire RAT payload 1 IoCs
  • Netfilter family
  • Netwire family
  • Pseudomanuscrypt family
  • Quasar family
  • Quasar payload 1 IoCs
  • Royal Ransomware 1 IoCs
  • Royal family
  • Sodinokibi family
  • Sodinokibi/Revil sample 1 IoCs
  • XMRig Miner payload 1 IoCs
  • Xmrig family
  • Xtremerat family
  • Zeppelin family
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • ReZer0 packer 1 IoCs

    Detects ReZer0, a packer with multiple versions used in various campaigns.

  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

Files

  • beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9
