General

  • Target

    aeea18fa535283c0a4dba933bd7fd92a0214d4a3e54ed0295c08c3ddb0d87c68

  • Size

    401KB

  • Sample

    220918-gzlg6segdj

  • MD5

    2c6ece77a47f490104ba4e0a4bd97b74

  • SHA1

    5e80aa411cf2d97bcb729e7dd70608ba2fe1fb7b

  • SHA256

    aeea18fa535283c0a4dba933bd7fd92a0214d4a3e54ed0295c08c3ddb0d87c68

  • SHA512

    81e72f17a36685a1287b68342467ac513fbb5ed853a604ed544aa26575828ef4132229fb701a0192913bf42ea29237f338f210fa04843e5ef222874fd6c6fd06

  • SSDEEP

    6144:r+17ULV5EdMrIX9sAatFeV08sA0lRdkncFogamv08ZwmnigabwVf6:r+mx5EdliGPUDknc3Ytmi5

Malware Config

Targets

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks