General

  • Target: 239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3
  • Size: 351KB
  • Sample: 221124-dxfmcsea43
  • MD5: f70ab20d0b560fd0e6d378105718491a
  • SHA1: c689a07f5b05a94edeee2832e63dd7e2f0f2024d
  • SHA256: 239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3
  • SHA512: 4cd2cc662f0529c1ee4c8021c5eb786b80e86be71358f340907aa0a8a05329a8cae42ee2f42e5138154f470e5d776c96a84035139fc1ab4fa2ae6f5842a475a5
  • SSDEEP: 6144:oAAYDXa1DdFIHmGm7vx3Dp486h5LH3jnLd9crJ2E1aWWySm+5B5:7DXCDdFIHY93DG8WznB8J2iadB

Malware Config

Targets

    • ISR Stealer: ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
    • ISR Stealer payload
    • NirSoft MailPassView: Password recovery tool for various email clients.
    • Nirsoft
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
    • Uses the VBS compiler for execution
    • Accesses Microsoft Outlook accounts
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks