General

  • Target

    8d46982ffd5dd5a49d9b22a91fa7b8d92a9af94ef495a611cf1a81d1cfef714e

  • Size

    324KB

  • Sample

    221011-wmm8kageb9

  • MD5

    218a40b442c19f628860b16f682bb78a

  • SHA1

    366cb6a9be431f01b90f4b9ea5f12a0200d76887

  • SHA256

    8d46982ffd5dd5a49d9b22a91fa7b8d92a9af94ef495a611cf1a81d1cfef714e

  • SHA512

    466cd1ceda5e611d51f1904aab711c873268b6dc597a00cc4916b81af5a2cad8ff8511f265bf993b6ded6d1a176a906d75edc5d2482d9aa0f5935fa9f71203ab

  • SSDEEP

    6144:gAySm9gM+TSmcgMc9Sm4rRK58UOzD4nvNDqGbMg/JFglpG+JJw6V:gAtMsv5MEt4rc58U5vBVbn/JF0b

Targets

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Checks BIOS information in registry

      BIOS manufacturer and version strings are read from the registry, commonly to detect virtual machines and sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that keeps the payload from running in certain regions.

    • Deletes itself

      Removes its own executable from disk after running.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which hold saved server credentials.

    • Reads local data of messenger clients

      Infostealers often target the stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect execution in another thread, a step in process hollowing and thread hijacking.
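The behaviour list above is what the sandbox's signatures flag. As an added example (not tria.ge's code and not this sample's), the Python below maps raw registry, file and API events to those signature names, covering the BIOS, geofence, installed-software, FTP client, messenger, browser and SetThreadContext signatures (the dropped-file and self-delete signatures need process lineage and are not modelled). The registry and file paths are the well-known Windows locations each signature refers to; the mapping table, the tab-separated log format and the log lines themselves are constructed for this example and are assumptions, not output from the report.

```python
import re
from collections import defaultdict

# Registry locations behind the signatures (real Windows paths); the mapping
# to the report's signature names is this example's own assumption.
REGISTRY_RULES = [
    (r"^hklm\\hardware\\description\\system\\bios(\\|$)",
     "Checks BIOS information in registry"),
    (r"^hklm\\hardware\\description\\system\\(system|video)biosversion$",
     "Checks BIOS information in registry"),
    (r"^hkcu\\control panel\\international\\geo(\\|$)",
     "Checks computer location settings"),
    (r"^hklm\\software\\microsoft\\windows\\currentversion\\uninstall(\\|$)",
     "Checks installed software on the system"),
]

# File locations that infostealers read (real application paths).
FILE_RULES = [
    (r"\\filezilla\\(recentservers|sitemanager)\.xml$",
     "Reads data files stored by FTP clients"),
    (r"\\google\\chrome\\user data\\.*\\(login data|cookies|web data)$",
     "Reads user/profile data of web browsers"),
    (r"\\mozilla\\firefox\\profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
     "Reads user/profile data of web browsers"),
    (r"\\telegram desktop\\tdata\\", "Reads local data of messenger clients"),
    (r"\\discord\\local storage\\leveldb\\", "Reads local data of messenger clients"),
]

API_RULES = {"setthreadcontext": "Suspicious use of SetThreadContext"}

HIVE_ALIASES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}
REGISTRY_APIS = ("ntopenkey", "ntqueryvaluekey", "ntenumeratekey")
FILE_APIS = ("createfile", "readfile", "ntcreatefile", "ntopenfile")


def normalize_reg_path(path):
    """Lower-case, short hive names, no Wow6432Node so both registry views match."""
    p = path.lower().replace("/", "\\").strip("\\")
    for long, short in HIVE_ALIASES.items():
        if p.startswith(long + "\\"):
            p = short + p[len(long):]
    return p.replace("\\wow6432node\\", "\\")


def classify_event(api, target):
    """Return the signature name a single event triggers, or None."""
    api_l = api.lower()
    if api_l in API_RULES:
        return API_RULES[api_l]
    if api_l.startswith("reg") or api_l in REGISTRY_APIS:
        p = normalize_reg_path(target)
        rules = REGISTRY_RULES
    elif api_l in FILE_APIS:
        p = target.lower().replace("/", "\\")
        rules = FILE_RULES
    else:
        return None
    for pattern, signature in rules:
        if re.search(pattern, p):
            return signature
    return None


def summarize(lines):
    """Group events by triggered signature. Input lines: '<pid>\\t<api>\\t<target>'."""
    hits = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        pid, api, target = line.rstrip("\n").split("\t", 2)
        signature = classify_event(api, target)
        if signature:
            hits[signature].append((int(pid), api, target))
    return dict(hits)


# Constructed event log (not from the report): one process, a few benign
# events mixed with the lookups the signatures above describe.
SAMPLE_LOG = [
    "1234\tRegOpenKey\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS",
    "1234\tRegQueryValue\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer",
    "1234\tRegQueryValue\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "1234\tRegOpenKey\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
    "1234\tRegEnumKey\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234\tCreateFile\tC:\\Windows\\System32\\kernel32.dll",
    "1234\tCreateFile\tC:\\Users\\victim\\AppData\\Roaming\\FileZilla\\recentservers.xml",
    "1234\tCreateFile\tC:\\Users\\victim\\AppData\\Roaming\\Telegram Desktop\\tdata\\key_datas",
    "1234\tCreateFile\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "1234\tSetThreadContext\t5678",
]

if __name__ == "__main__":
    for signature, events in summarize(SAMPLE_LOG).items():
        print(f"{signature}: {len(events)} event(s)")
```

The Wow6432Node normalisation matters in practice: a 32-bit sample on 64-bit Windows enumerates the redirected Uninstall key, and a rule written only for the native path silently misses it. Hive aliases are normalised for the same reason, since different monitors log HKEY_LOCAL_MACHINE and HKLM interchangeably.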
