General

  • Target

    Setup.exe

  • Size

    3.6MB

  • Sample

    221104-xw4scacaeq

  • MD5

    ac25ad8534086ca6aab6b0ed96be0b2c

  • SHA1

    d7391291abee152f2e4d7284a4620eb64b5705aa

  • SHA256

    9ba41d0b6d8b1cad13342626ad1496e93852b177da241b6cc7da6bfbde901243

  • SHA512

    0869910f283868684c629c14fa3f23db84793db746679030d630045604819d1470fc1931f4ba7c6803a4ebb2d5943c5e45cb7828efceac9ffacb10d4074b182f

  • SSDEEP

    12288:4JAs+M2EtQ+0Tn5uuItD774tFp4A4nw7k703xkpcgz8Iehu2:u+xEtG4IvbY03xydzto

Malware Config

Targets

    • Target

      Setup.exe

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks