General
Target: zoom_64789348756.com
Size: 17.8MB
Sample: 250218-v5qkzavlaq
MD5: 3e9f28645b3a47af4e8a3474e1c91db7
SHA1: 1d114c51396ae4bdb6284824c6aa6bccb7edcf49
SHA256: 8bed44795846f52a3cfd176c34d9865a457805d202a11ae50a3328dcc232416f
SHA512: 6ef45af041f83863ba91b8faadde7e4f3a92e7cbbc3e8037f432455108d94ab12874afdea2cae137931f354b4c639a34581c4b69671edf1d0cdc1fd3cb634d7c
SSDEEP: 393216:WqPnLFXlrPmQ8DOETgsvfGFLgUWRvE094Gt1xQZq:7PLFXNOQhESXP0bt1j
Behavioral tasks
- behavioral1: sample zoom_64789348756.exe, resource win10v2004-20250217-en
- behavioral2: sample zoom_64789348756.exe, resource win11-20250217-en
Malware Config
Targets
Target: zoom_64789348756.com
Size: 17.8MB
MD5: 3e9f28645b3a47af4e8a3474e1c91db7
SHA1: 1d114c51396ae4bdb6284824c6aa6bccb7edcf49
SHA256: 8bed44795846f52a3cfd176c34d9865a457805d202a11ae50a3328dcc232416f
SHA512: 6ef45af041f83863ba91b8faadde7e4f3a92e7cbbc3e8037f432455108d94ab12874afdea2cae137931f354b4c639a34581c4b69671edf1d0cdc1fd3cb634d7c
SSDEEP: 393216:WqPnLFXlrPmQ8DOETgsvfGFLgUWRvE094Gt1xQZq:7PLFXNOQhESXP0bt1j
Signatures
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)