General

  • Target

    Aimware_Installer.exe

  • Size

    845KB

  • Sample

    220919-a33gjahbd9

  • MD5

    7d86558a7374d800e022769e8a9bc65a

  • SHA1

    aa9fc6028a044d78c7f17c88f0c01f732a991565

  • SHA256

    5e7efa3f5819c2b14e6d3cfc59faaf8f358690acfde10b80d4be0339a960b29d

  • SHA512

    cd537ab4ec188e84392217912f1f82190c75359ff42d2d4105225bf5f8b49337bc24374a83a8b9e84523331c12a9f5941fab2827308a9586f03b4ba29a6c0b77

  • SSDEEP

    12288:FcgANG5elQUYhOIS4N5azvWbHRRkkDoNIJjoerY2XxqG025:FcgANiXhDSAazebRRkuJjoeVwG025

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
