General
Target: 744ec52f480cb86b7e84fbbfe4b1880f57219dae5683b746f88d6ee4ba394751
Size: 780KB
Sample: 200708-t1j8h7pc86
MD5: 9bd737b220a4040dbcaf17f48be54a98
SHA1: 9a64f521040e7250e8ae523cf2cc8f75753e4cf7
SHA256: 744ec52f480cb86b7e84fbbfe4b1880f57219dae5683b746f88d6ee4ba394751
SHA512: 135e292c99e65ad22b20d446130f4a96e1de896a642eb5cf262957ad5fe78f867cc980270d8e8b636615ecbf4f539f8330bf1664aea2a1c0005a441d0f838d68
Static task: static1
Behavioral task: behavioral1
  Sample: 744ec52f480cb86b7e84fbbfe4b1880f57219dae5683b746f88d6ee4ba394751.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: 744ec52f480cb86b7e84fbbfe4b1880f57219dae5683b746f88d6ee4ba394751.exe
  Resource: win10v200430
Malware Config
Extracted from: C:\_readme.txt
  https://we.tl/t-9fpnK9F5nP
Targets
Target: 744ec52f480cb86b7e84fbbfe4b1880f57219dae5683b746f88d6ee4ba394751
Size: 780KB
MD5: 9bd737b220a4040dbcaf17f48be54a98
SHA1: 9a64f521040e7250e8ae523cf2cc8f75753e4cf7
SHA256: 744ec52f480cb86b7e84fbbfe4b1880f57219dae5683b746f88d6ee4ba394751
SHA512: 135e292c99e65ad22b20d446130f4a96e1de896a642eb5cf262957ad5fe78f867cc980270d8e8b636615ecbf4f539f8330bf1664aea2a1c0005a441d0f838d68
Signatures
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Adds Run entry to start application
- Checks for installed software on the system
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.