General

  • Target: 8105306280.zip
  • Size: 701KB
  • Sample: 221005-v232wsfac5
  • MD5: 54102dc17bc1407dffec941a0316867e
  • SHA1: b12bf0ccde1050b2706f9c8ce4c3f02a8e13e90e
  • SHA256: c5348deafddbf3beed31d22285cabbb1f3c55c0123b3e0d47a3edd79586c4a1d
  • SHA512: 83e1d201993b1cd836fbde45b0b60a67691a0960a5bdfae5de34891373345cedc7537748183ca54366baa0dfd276d4a4a4c1daaa8b3ad4e82b89c2657ebfd734
  • SSDEEP: 12288:IV5p2TiiVZIv9g81RPT7OZOTfsGqmsffjZr6Sc5RHz3QGXAGhJl43aL7byO/Rs9d:IlOiiX5wRriZhvMSc5RHz3PtTl43qSOE

Malware Config

Targets

    • Target: e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad
    • Size: 1.4MB
    • MD5: 563f30a6c6d9978c30e8416542ad6041
    • SHA1: 44ea4b43e5cb20ce9140297f7bcf87f028e0830b
    • SHA256: e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad
    • SHA512: 3d1fcb48c2ac03ac9c1e7fa6fdda611b45e4f36fba0ddf42fa2d7ab8027a19ae8b3937c97ef004812bfb9dd99c5c0f00c6b5162a5f6d536a0cedb47ad063d3b5
    • SSDEEP: 24576:jJjyyzQyz5io+HExGWUAyiqZpBqnGIQ5M6DLrVVdWGA13IqMXSpS2SDTQuV+vJFo:jJjrz5io+HGGWxyzXlrXVVdWGA13I1Xd

    • Blocklisted process makes network request
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks