Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ea08b197bbe8bc874a5c65500db03bf2.exe
-
Size
135KB
-
MD5
ea08b197bbe8bc874a5c65500db03bf2
-
SHA1
3cbe0f9a6bb6c1600e196d3c2b54132c72ccce0d
-
SHA256
03423b8784cac66602f6dc04f6303668951e9c7280a80535a708d59e6cf82312
-
SHA512
1baa6ee1970ae01c916d00a2727016a458d3bc6a43c9cfe707ccf73d687c190e88781a596661ee302feae53c5671f478a552177d74ce2a4334ad4daa5674bf10
-
SSDEEP
1536:k3WaMTxYajhMDWWWxD4krrQz46vdszbLpQqVD9bMEqb01XTmUOr87dOPAUVHWHth:6ajYWCkrr3wdAbbD9bMEqo1AWz7bPCe
Malware Config
Extracted
gurcu
https://api.telegram.org/bot7972507107:AAE0InlBzYqTeRUoXqUM9ewqhQJZRxDPcsE/sendMessage?chat_id=7259165684
http://206.166.251.4:8080
http://167.99.138.249:8080
http://46.4.73.118:9000
http://206.189.109.146:80
http://194.164.198.113:8080
http://45.82.65.63:80
https://5.196.181.135:443
http://95.216.147.179:80
http://185.217.98.121:8080
http://116.202.101.219:8080
http://185.217.98.121:80
http://159.203.174.113:8090
http://107.161.20.142:8080
https://192.99.196.191:443
https://44.228.161.50:443
https://154.9.207.142:443
http://66.42.56.128:80
http://8.219.110.16:9999
https://138.2.92.67:443
Signatures
-
Gurcu family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
ea08b197bbe8bc874a5c65500db03bf2.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections