General

  • Target

    c981b63a4499bf9dbb00eb776f73535488893d131d06e4def2da070e10d8128e

  • Size

    135KB

  • Sample

    221020-x9e15sbfe2

  • MD5

    965e6792655c4854a820cf27e7748710

  • SHA1

    11434d0edc67382f2887e6e470b8ea2b9aa4de13

  • SHA256

    c981b63a4499bf9dbb00eb776f73535488893d131d06e4def2da070e10d8128e

  • SHA512

    bd5d299311f93b7da822b0720147962ddc4277c65c0bd6e885de51b94a801f7474174a581b9d6f0af3208dd4be4d2b5d2c62f98607f7d39c9fcf6b8634ed330d

  • SSDEEP

    3072:nL/Kd9XnJ4OXwHlt8qQg3Oi1OXvtWxepexZKj5tCYTK:WhJZYlgvtWepexZEK

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application
