Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Cphn-Multi...px.exe

windows7-x64

7

Cphn-Multi...px.exe

windows10-2004-x64

7

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Cphn-Multi...rt.bat

windows7-x64

7

Cphn-Multi...rt.bat

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Cphn-MultiTool.zip

  • Size

    17.8MB

  • Sample

    250319-lrszhaymz9

  • MD5

    9adde2d8b84bbf515644246e0c152bc0

  • SHA1

    0adf5706b9e8501948205eddbfcbeac8e6cdadea

  • SHA256

    ed73cc9cd1933cb0f4751cd8af6cf7cb44d3c6f88b80596b0b1a699510b679f4

  • SHA512

    c89ad3ea5cc646170babb26302d97f11e4ecc49a8ca3e430b71c93dbb5940738612bed5f7d6db607ebe9a14dda4625f7bfa4a5612470b761ef397c326465bdf4

  • SSDEEP

    393216:mMtDBJXpae6sf83GGjysbvGGdHUrfeHh9UhZFyI:xt9JXcjsf3svlUa/KH

Score
10/10
empyreandiscoverypersistencepyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      Cphn-MultiTool/src/utils/upx.exe

    • Size

      17.7MB

    • MD5

      673af60b87d8ce0dd4ebdcaac1d3641e

    • SHA1

      d09d358484d60c6ae51ed710ef7f6b7f9ea68cc7

    • SHA256

      7363a85243a9526d24d6bdd2c9e9003b451d4f9d97f26a174bf743fa791b15db

    • SHA512

      11fe2b921bf77165f52de385d2aa040b0e084dd93f93febba8777ccadc42a9e00dbd8f456ab06d15bb484a40b1e8475f5623920beff9dd6447ca2c35f2363f88

    • SSDEEP

      393216:aqPnLFXlrgUgQpDOETgsvfGEgTluSLzvEA6E8TLV:vPLFXNgtQoEFMPYQM

    Score
    7/10
    upxdiscoverypersistencespywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      0b325cdc53666943f0a1105eebd2ddcd

    • SHA1

      44d78b48aaa1c57367ea136f79a8187a6be74ac6

    • SHA256

      e6069d6ef971d9c7a41752643ce72d0aaf12b32424358aca5e381d230d291391

    • SHA512

      dcadfc7129c2293de920bbc5aa26a4f7e8f1eb9a0478f4686e0aab4dbc288614c90c8b34558329c568431b0c6da9a2ab5727a5ecdb5781576c90f1350de6b913

    • SSDEEP

      192:waXogIL0D839y+WdXwG1tBAtyJhwvYlzXMdwYZnw:7Qp99WuyB422sPYZw

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      Cphn-MultiTool/start.bat

    • Size

      105B

    • MD5

      7e1cceb0065441e20af5026339b7ba1a

    • SHA1

      eb7bb7e2f2e7da7122c10d00723a813ef458131e

    • SHA256

      f7c6a30cbd217f779117ab2ca0eaa605181ca8ff78009bc69bf95a4aeb55a40d

    • SHA512

      2f8aa83e3063321d6653d7ba579076cbf1642c9a8c829014cc68b6c5e37bcc5f952af712d1c73e27084b588eb71bf3b2753bb0ae5c5c2c1fbcdf070ac5a4fc6b

    Score
    7/10
    discoveryupxpersistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks