Resubmissions

26/03/2025, 04:02

250326-elzfrsxtat 10

23/03/2025, 19:38

250323-ycpprasxhz 10

General

  • Target

    $5 no recoil leak.exe

  • Size

    8.2MB

  • Sample

    250326-elzfrsxtat

  • MD5

    b80f75b3c9763d1f53bde85f40f75a13

  • SHA1

    292ba54c4655dfea512bdc345b52eb379ed7d210

  • SHA256

    306791d17e509a81f7962a6067f24aaf1e9d1d7dc8969d0af9fa58c4268bcee5

  • SHA512

    9b1d5772d8b710d92700d8b3a5b497179f1a86a0dcf9815a86917277387db513eabce77d078ef86499aea27c679e4b830acda3c6325fd06dd760dcded2336310

  • SSDEEP

    196608:rWa02Vi74eNTfm/pf+xk4dNSESRimrbW3jmy3:lwry/pWu4m5RimrbmyE

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15
