General

  • Target

    IMG__295541.exe

  • Size

    1.3MB

  • Sample

    200713-br8xq7z59a

  • MD5

    5f0dcd355fed551839938d7add9f40e6

  • SHA1

    e628bc47384fe3f5af640e06f31f3c2e9f14d689

  • SHA256

    677906173148035544d96ed87acd962194baf88a2c5c6a33e2ad94a850a81835

  • SHA512

    2004e67ad4f77d9d4d1ae389d6bece2d69fd66a5ed5b0603215477bbef0856c4e32979a3b96ad728a18430d3d4fe9a66ea2517871cbab7e970d48ff638ccf93e

Targets

    • Target

      IMG__295541.exe

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run entry to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
