Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Cracked LB...ts.dll

windows7-x64

1

Cracked LB...ts.dll

windows10-2004-x64

1

Cracked LB...ec.dll

windows7-x64

1

Cracked LB...ec.dll

windows10-2004-x64

1

Cracked LB...re.dll

windows7-x64

1

Cracked LB...re.dll

windows10-2004-x64

1

Cracked LB...le.dll

windows7-x64

1

Cracked LB...le.dll

windows10-2004-x64

1

Cracked LB...up.exe

windows7-x64

7

Cracked LB...up.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CrackedLB-PHONE.rar

  • Size

    18.2MB

  • Sample

    250320-v34ptawshw

  • MD5

    0f5619c7dbe2a736b93417e3dbca93e4

  • SHA1

    4f23afc94d5ec6925256f6e79c575356d5cb335f

  • SHA256

    9fa85129c0997203f7b60493778a0a93a46b5165cd1cb13e826605b25a502fc7

  • SHA512

    5a4bbfb0cc63ac06b4fd91061aba2458137d043994685901edc18efc19d5d84d9cc781fa6fafd7270a69a40bebc7526b96699c4623ec0933a7bc8476bb20dc88

  • SSDEEP

    393216:nuFvY7FLmM+ekiaDWHozUQ14bAG93dUMGhhQIdM7673A:nfKqki/cX14bAidVLO7Q

Score
10/10
empyreandiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      Cracked LB-PHONE/client/tool-formats.dll

    • Size

      384KB

    • MD5

      d3261f51d85c0f3d488ef713344db0b4

    • SHA1

      6acb746dc81ef612ad08b96d8895246a84a5994c

    • SHA256

      f386b20806ad92166a75a96af25f46e5df3195e58366b371137452a8618d45b0

    • SHA512

      7cb1f0a068565415474fa5cab3c5c6e6667b485a5fdaf557eb0a93ccd9cc91154bfe0ac0b4487ab9d2d08f3860f09c0ebbbcb27775e3bdbff7aa1a4b1d6e0633

    • SSDEEP

      6144:iTeE9qbUIRbPbPVA3FqP+fw+KovFBIO1pD37ogdKMPvAueUTPpZvdt2u/6RS:+IRfGFqmhbF3A2n

    Score
    1/10
    behavioral1behavioral2

    • Target

      Cracked LB-PHONE/client/tool-vehrec.dll

    • Size

      271KB

    • MD5

      ce933d2aaec06d5ebbb0662d9357dfd4

    • SHA1

      488aa4a6e79a98b15c3aa17a2b9a69300fe2186a

    • SHA256

      c0bfccffe9bd324d14a5bf8b2541dfe2be21f437b48f3637e678b0fef3ad1db6

    • SHA512

      ea4e5569e2ffe29aae1f6a69db22fadfabeeed1cc4b053bbb130c323b82f29a0a0dc8358f6ebb5c7b8a9dc08feaaf2f73749e89dfcca66086aa7faa1a3e171c9

    • SSDEEP

      6144:hi543+Kf7A/4CZ1ojTnCdzEb8fx+Z8tN50Z7O:hOzvzJt

    Score
    1/10
    behavioral3behavioral4

    • Target

      Cracked LB-PHONE/client/vfs-core.dll

    • Size

      275KB

    • MD5

      db4543974da4af6bebd7758380146e88

    • SHA1

      0365cd8959852f766f4bba39fa9d49761a1cc94f

    • SHA256

      abcbb165c692a110ee1f02612e17c4a4dbd008dcc2428fe8e220fa3410e85508

    • SHA512

      7230e23b9515d88b723a665eb6b10f94aedc14a3c24d6c0ec6809aad9cc8ce895b527c1055ae821c34b178c73552cd458585690d9163bb8afa1de76a3aced518

    • SSDEEP

      6144:crcKN5B8fHcXAiW5NUK5IWHaoPN2ZCyd6tMc3R/:cluHc/WbUK8Zyh/

    Score
    1/10
    behavioral5behavioral6

    • Target

      Cracked LB-PHONE/client/voip-server-mumble.dll

    • Size

      1.1MB

    • MD5

      20ee6ac6beba1ba9b55aea2ea9278e39

    • SHA1

      6c3f37bfeb18d1e557e55826d77df7e9e069383b

    • SHA256

      16d8560b650fc2d10f4c1eceb54f8caa2506a7918924fced40e30947f7d5de36

    • SHA512

      08d6b4e8e79cadcec921efd18314061031220b5540c2d774a99cc52d6c140ff17697c5a5b79ff6d3668dd36b9f51ceb74067ebc8690ffcb4572268e71afea534

    • SSDEEP

      24576:cV4l1bywnR6YzdE3tLHV3N9XTqaEToLFm6:cV4l1bywnRNzydTV3NZmaEToLFm

    Score
    1/10
    behavioral7behavioral8

    • Target

      Cracked LB-PHONE/setup.exe

    • Size

      17.7MB

    • MD5

      b841c3328c8c0b782dffa4b6bd6ddb36

    • SHA1

      06e94314de7a36c0710bcf6e051dd49a194ec796

    • SHA256

      62a2fdf7ed3833f9aeea8af9bdb438611ce44e90c9cf0f81a887f25bd1aabcec

    • SHA512

      5b550fedefa53eb34796ec1989882dfb37cafc84edfc94310267d47d6355b1a37fe084fba4d8cd5a2b7f1c63659d81fbf53b31afef2a31721ac0e4dcdbee2bc7

    • SSDEEP

      393216:FqPnLFXlrSQ8DOETgsvfGF+g1RLUDvEJVJY/VQq:8PLFXNSQhEpgJUoJAP

    Score
    7/10
    discoverypersistenceprivilege_escalationspywarestealerupx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks