General

  • Target

    6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3.7z

  • Size

    2.1MB

  • Sample

    221101-xrhdjsfbcn

  • MD5

    de980ec8cbc341e66e5cfea70ef8314b

  • SHA1

    882ecafbb59b33c592857ec0f80044463f6f7950

  • SHA256

    0af8ddbdff0b4305226e8a5e66047bc9dfcbd44aad71bf4067c1b32a70e5a9aa

  • SHA512

    fb54fda3db5ab1c59484a3df63506c655e9046173ac935ff9836a8a9e7dd2f5e391597043c1118fed169d19314d0d6d2dc5429efe1daa58e9628b5d3387ab660

  • SSDEEP

    49152:tF2pTXqkUpasA6PmfNyigaN+ih8VILfx+frCA50QOP:tF2pTXDUFm0W+ih8w+DCA5wP

Malware Config

Targets

    • Target

      6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3

    • Size

      3.2MB

    • MD5

      32e0a8e898a4aef3abe2c5c26d2570fb

    • SHA1

      0c56076f2d4d905a08dc2e8c85a6fd4d184a0846

    • SHA256

      6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3

    • SHA512

      1cec6e1dd8eaea6bfc00c48403d3263db6a54d4012b87666da5ac2f83748ef9102ed97c026e185d3c8cc0342c8feafd0a27442dfc19d6d37b69a9d91168ab97d

    • SSDEEP

      98304:kSiH4opH4opH4opuE9vBuRes1EdKKBEXJhJj:EDBDBDlaezKKB2R

    • Modifies system executable filetype association

    • Creates new service(s)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks