Resubmissions

Submitted            Analysis ID          Score
15/03/2021, 09:09    210315-2zntzgdr72    8
15/03/2021, 08:51    210315-mj6e5pvb66    8
13/03/2021, 17:09    210313-hrcfblnjbx    8

General

  • Target

    trash.exe

  • Size

    100KB

  • Sample

    210313-hrcfblnjbx

  • MD5

    7f5227030be3d2ef48aa652af1ec72b0

  • SHA1

    202e7ac1c2aaca8fbeed4ac454ca195a33c9d064

  • SHA256

    4dfc17406a58c6f1ce83a73ce6dd5b343d00fe77d07dfe21d28da13631bfad90

  • SHA512

    4603b758416dac60cb322aae6f3566711b6a4a9b657f6448861553b45b1c737fd3180d2b0bc169ef193a2372e89aba14a4d27a25e0a5eb440ed6c4afafe5f55c
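Before working on a copy of this sample it is worth confirming that the file in hand is the one the report describes. The following is an added example, not Triage's own code: it computes all four digests listed above in one pass over the file and compares them with the report's values. The function names, the chunk size and the `b"abc"` bytes used in the usage are assumptions for illustration; the hashes in `REPORT_HASHES` are copied from the report.

```python
import hashlib
import sys

# Digests as printed in the report above; the sample itself is not included here.
REPORT_HASHES = {
    "md5": "7f5227030be3d2ef48aa652af1ec72b0",
    "sha1": "202e7ac1c2aaca8fbeed4ac454ca195a33c9d064",
    "sha256": "4dfc17406a58c6f1ce83a73ce6dd5b343d00fe77d07dfe21d28da13631bfad90",
    "sha512": "4603b758416dac60cb322aae6f3566711b6a4a9b657f6448861553b45b1c737fd3180d2b0bc169ef193a2372e89aba14a4d27a25e0a5eb440ed6c4afafe5f55c",
}


def digest_stream(chunks):
    """Feed an iterable of byte chunks to every digest in REPORT_HASHES at once.

    Returns (total_size, {algorithm: hex_digest}). One pass is enough for all
    four algorithms, so a large sample is read from disk only once.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file on disk in chunk_size pieces (assumed 1 MiB chunks)."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def verify(actual, expected=REPORT_HASHES):
    """Compare computed hex digests with the report's; returns {algorithm: bool}.

    Comparison is case-insensitive because tools print hex in either case.
    """
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def all_match(actual, expected=REPORT_HASHES):
    """True only if every algorithm in the report agrees with the computed value."""
    return all(verify(actual, expected).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    # Without a path, hash the constructed bytes b"abc" to show the output shape.
    if len(sys.argv) > 1:
        size, digests = digest_file(sys.argv[1])
    else:
        size, digests = digest_stream([b"abc"])
    print(f"size: {size} bytes")
    for name, ok in verify(digests).items():
        print(f"{name:6s} {digests[name]}  {'OK' if ok else 'MISMATCH'}")
```

A mismatch on every algorithm usually means a different file (a repacked or padded copy, or a download that was altered in transit); a mismatch on only one algorithm means a typo in the expected value, since a real collision across MD5, SHA-1, SHA-256 and SHA-512 at once is not a realistic explanation. The report also lists the size as 100KB, so comparing the returned byte count against that is a cheap first check before hashing.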

Malware Config

Targets

    • Target

      trash.exe


    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

      A file written to the per-user or all-users Startup folder runs at every logon, a simple persistence mechanism.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the registers of another thread. Called after CreateProcess with CREATE_SUSPENDED and WriteProcessMemory, and followed by ResumeThread, it is the classic process-hollowing pattern, which is why the signature is marked suspicious rather than a benign debugger use.
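To make the four behaviours above concrete, the following is an added example, not Triage's signature engine and not this sample's actual trace: a small matcher that runs the same four checks over a constructed, sandbox-style event list. The event tuple shape `(pid, op, arg)`, the PIDs, the file paths, the `|` separator for rename pairs and the rename threshold are all assumptions made for illustration; the Startup folder path and the browser artifact names (Chrome's `Login Data`, `Cookies`, `Web Data`; Firefox's `logins.json`, `key4.db`, `cookies.sqlite`, `places.sqlite`) are the usual locations such checks look at.

```python
import ntpath
from collections import defaultdict

# Constructed sandbox-style events (not Triage's schema or this sample's real trace).
# Each event is (pid, op, arg). For op "api" the arg is the API name plus notable flags;
# for "rename" the arg is "old|new"; for "write"/"read" it is the file path.
SAMPLE_EVENTS = [
    (1234, "api", "CreateProcessW CREATE_SUSPENDED"),
    (1234, "api", "WriteProcessMemory"),
    (1234, "api", "SetThreadContext"),
    (1234, "api", "ResumeThread"),
    (1234, "rename", r"C:\Users\Admin\Documents\notes.txt|C:\Users\Admin\Documents\notes.txt.locked"),
    (1234, "rename", r"C:\Users\Admin\Pictures\cat.jpg|C:\Users\Admin\Pictures\cat.jpg.locked"),
    (1234, "rename", r"C:\Users\Admin\Desktop\budget.xlsx|C:\Users\Admin\Desktop\budget.xlsx.locked"),
    (1234, "write", r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trash.exe"),
    (1234, "read", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    # A benign process: one extension change (a save-as) and a DLL read, nothing else.
    (5678, "rename", r"C:\Users\Admin\Documents\draft.tmp|C:\Users\Admin\Documents\draft.docx"),
    (5678, "read", r"C:\Windows\System32\kernel32.dll"),
]

STARTUP_MARKER = "\\start menu\\programs\\startup\\"
BROWSER_FILES = {
    "login data", "cookies", "web data", "history",          # Chromium family
    "logins.json", "key4.db", "cookies.sqlite", "places.sqlite",  # Firefox
}


def _user_ext_changes(renames):
    """Count renames under \\Users\\ where the file extension actually changed."""
    count = 0
    for old, new in renames:
        if "\\users\\" not in old.lower():
            continue
        if ntpath.splitext(old)[1].lower() != ntpath.splitext(new)[1].lower():
            count += 1
    return count


def _hollowing_sequence(api_calls):
    """True if CreateProcess*(CREATE_SUSPENDED), WriteProcessMemory,
    SetThreadContext and ResumeThread occur in that order (other calls may sit between)."""
    wanted = [
        lambda a: a.startswith("createprocess") and "create_suspended" in a,
        lambda a: a.startswith("writeprocessmemory"),
        lambda a: a.startswith("setthreadcontext"),
        lambda a: a.startswith("resumethread"),
    ]
    i = 0
    for call in api_calls:
        if i < len(wanted) and wanted[i](call.lower()):
            i += 1
    return i == len(wanted)


def match_signatures(events, rename_threshold=3):
    """Return {pid: [signature names]} using the four report signatures.

    rename_threshold is an assumed cut-off: a single extension change is normal
    (save-as, temp file promotion); many in one process looks like encryption.
    """
    by_pid = defaultdict(lambda: defaultdict(list))
    for pid, op, arg in events:
        by_pid[pid][op].append(arg)

    result = {}
    for pid, ops in by_pid.items():
        hits = []
        renames = [tuple(a.split("|", 1)) for a in ops["rename"]]
        if _user_ext_changes(renames) >= rename_threshold:
            hits.append("Modifies extensions of user files")
        if any(STARTUP_MARKER in p.lower() for p in ops["write"]):
            hits.append("Drops startup file")
        if any(ntpath.basename(p).lower() in BROWSER_FILES for p in ops["read"]):
            hits.append("Reads user/profile data of web browsers")
        if _hollowing_sequence(ops["api"]):
            hits.append("Suspicious use of SetThreadContext")
        result[pid] = hits
    return result


if __name__ == "__main__":
    for pid, hits in match_signatures(SAMPLE_EVENTS).items():
        print(pid, hits or ["(no signatures)"])
```

The SetThreadContext check deliberately requires the surrounding sequence rather than the single call: debuggers and some legitimate runtimes call SetThreadContext too, and on its own it would be noise. Likewise the rename check only counts user-profile paths and only when the extension changes, so that installers renaming their own temp files under Program Files do not trigger it; tune `rename_threshold` to the sandbox's run length.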

MITRE ATT&CK Enterprise v6

Tasks