General

  • Target

    KPmhGSHXD1wimFC.exe

  • Size

    992KB

  • Sample

    200714-528nlhhctx

  • MD5

    85ab3d51b6eff203312f462c3fbf9949

  • SHA1

    1d0bc22e301e8f90f34ef3487da286dd34895035

  • SHA256

    dace2f4b76d741282866cb3e5038e7b2008817ed8f7079d5d764099be01d34bb

  • SHA512

    758043f044983be55a9885eae098bf7af99ba714e932734f8444d77684c6874e328af2d5abd0b72e6c8d9e6f5dfe70e943e47632a3b0794a4754d54761cc63b3

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET information stealer that targets passwords stored by web browsers, email clients and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks