Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Swift Copy #09765.exe
-
Size
690KB
-
Sample
200708-8ja2t1vtl6
-
MD5
f3b1bf9839a7f65a913e8298bb9ded82
-
SHA1
c1b180b445500bbfbec473409683fb150afea3a2
-
SHA256
ea9d8c28e623cbabc1407aa3da7a681adb93ef3e758fe31aaf664ff3998cddb5
-
SHA512
ce230ee76f1cce30226df6a5f15e7f807638a7e356e44cc17bb60aac84630975b2ce516f129e8addb0483ae72be5991ab9c495f3f18be97a913a46b57dbfb0d4
Static task
static1
Behavioral task
behavioral1
Sample
Swift Copy #09765.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
Swift Copy #09765.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
Swift Copy #09765.exe
-
Size
690KB
-
MD5
f3b1bf9839a7f65a913e8298bb9ded82
-
SHA1
c1b180b445500bbfbec473409683fb150afea3a2
-
SHA256
ea9d8c28e623cbabc1407aa3da7a681adb93ef3e758fe31aaf664ff3998cddb5
-
SHA512
ce230ee76f1cce30226df6a5f15e7f807638a7e356e44cc17bb60aac84630975b2ce516f129e8addb0483ae72be5991ab9c495f3f18be97a913a46b57dbfb0d4
-
Adds Run entry to policy start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-