Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RGen.rar
-
Size
7.6MB
-
Sample
250324-vv2v9awrz2
-
MD5
49c900e9fa7f9e9965923ab2db569569
-
SHA1
7d4d23c0f5dde6dfc4766e58a8b75fd4d965540b
-
SHA256
5af50e7089b4259a365ea246802bfc3b0c86baf3d2c0c0e9d73e8e966d1588d7
-
SHA512
d70ae2daeb102e85fa4937502f7058128b22a127d4612bd7ee41ee8e77000ab513b0ae6b0334ad97dd0c8a651de64be1eec9368a254d39b374c26548a6ed457a
-
SSDEEP
196608:3NG4E4qpZJgSLpt57fttt+HWbvquUTaB+38SxBw+XB1u:3UL4qveSNt5zt1bvNUTBxPx1u
Malware Config
Targets
-
-
Target
GiftcardGen.exe
-
Size
7.7MB
-
MD5
f5af07e70e0fc5e0edb2d58ae5117a6a
-
SHA1
cb92b482a5c5736ea73309930e8529f4e1556aa2
-
SHA256
f2d0eb0e4b29165a46d533f9bc5733d318aae5e9a8b325ef5fc9dbcb8b296b00
-
SHA512
199b39ab61c96a15101bea5998aab840ded3a4098a746c5fab2dcf177759053ddf96df5b8eada5de72aa35d3b93d994259f94da0515431f6d775aabc6ec671de
-
SSDEEP
196608:hWWx06+AjwfI9jUCD6rlaZLH7qRGrGIYUoZy8FUsOnAoG:YfIH20drLYRZjoG
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-