General

  • Target

    8d46982ffd5dd5a49d9b22a91fa7b8d92a9af94ef495a611cf1a81d1cfef714e

  • Size

    324KB

  • Sample

    221011-wmm8kageb9

  • MD5

    218a40b442c19f628860b16f682bb78a

  • SHA1

    366cb6a9be431f01b90f4b9ea5f12a0200d76887

  • SHA256

    8d46982ffd5dd5a49d9b22a91fa7b8d92a9af94ef495a611cf1a81d1cfef714e

  • SHA512

    466cd1ceda5e611d51f1904aab711c873268b6dc597a00cc4916b81af5a2cad8ff8511f265bf993b6ded6d1a176a906d75edc5d2482d9aa0f5935fa9f71203ab

  • SSDEEP

    6144:gAySm9gM+TSmcgMc9Sm4rRK58UOzD4nvNDqGbMg/JFglpG+JJw6V:gAtMsv5MEt4rc58U5vBVbn/JF0b

Malware Config

Targets

    • Target

      8d46982ffd5dd5a49d9b22a91fa7b8d92a9af94ef495a611cf1a81d1cfef714e

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks