General

  • Target

    f7326a75d34f61448c295c69b18f70e4a6b61cb1309216da3d76c1860067ae6c

  • Size

    388KB

  • Sample

    221120-mwdaaaaa53

  • MD5

    c0a89cca7440553df0f7f6f512fe6155

  • SHA1

    d436f20942c482244e591b0fd96a73807e2e3c0a

  • SHA256

    f7326a75d34f61448c295c69b18f70e4a6b61cb1309216da3d76c1860067ae6c

  • SHA512

    4b5b13dd8231364d6deee2e730c1d02617a85e2d5dec51de5f1613e2f95c6800aed09e9b17209a9d5b5159bbe47b26875d98fe48fa724ec6667eb0ee5a31ca7a

  • SSDEEP

    6144:qLurmZyXaw3bQ/4ugAT4auUZmbW+503i/nIr:7yMX54bluUgHU

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
