General

  • Target

    e2e923b5e334f71def8aeeb5d6772d2ed7b890797eec99fcd791933b6bab7e48

  • Size

    496KB

  • Sample

    250328-g27hesvkt5

  • MD5

    dd2fb88102bc5ef9b2bed39206cecdbe

  • SHA1

    ca8af5a456cacbd5b9a0a22ffd10b25ca758dac0

  • SHA256

    e2e923b5e334f71def8aeeb5d6772d2ed7b890797eec99fcd791933b6bab7e48

  • SHA512

    57040ba96b1288aafa3a8e71896000c55225b5716b2584c654c6de2985105d6a175edd9b4ddbd4e6b76d86634988650484fedfb56a4fb35b73e8a96f978ada1b

  • SSDEEP

    12288:p/dLzP3mJSz97p6+1i+6RCAKPnnZ3FUW+CB:BdfPm+196gnnZ1UWzB

Malware Config

Targets

    • Target

      Q36Ru.exe

    • Size

      543KB

    • MD5

      49f71948ce49de84771357d2813d96f0

    • SHA1

      0a55aa840105305cc7c94664ac2315a2325b1e16

    • SHA256

      69399f96737f87f2fed08cc2f632fe6099a09e53e453beb8a04bf652d76cf021

    • SHA512

      53c2109fdcc99be44409f763dcdac6320e881f63ebba6426f7400bdd51f747c2bf212c66377c4ef8648c6be3105b1af20be20091548cdd65959998b6a97cc5ae

    • SSDEEP

      12288:QhQiKaxp3PnCRIxarY/4Rl2+ORCQKE77m:KQinPPxd/4RlJO0

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks