General

  • Target

    0057c90386d014411d0269b2578959911f519f01ee99c50d56401a905389c9f8

  • Size

    1015KB

  • Sample

    221124-n6v4hscc29

  • MD5

    b231ec61a670c8ce4469c8e027894e8f

  • SHA1

    b701c849435bb024f8f63f3097d7de48e01b9235

  • SHA256

    0057c90386d014411d0269b2578959911f519f01ee99c50d56401a905389c9f8

  • SHA512

    f2f58b6e051b7e59cd4466e06c616a66d2f32d390dcfe5c5281de243b699717ef5c4f92233c05ca519d0feae76bbcc7e250fa7f0a819eb1aca4c511b877206c0

  • SSDEEP

    12288:uaWzgMg7v3qnCiMErQohh0F4CCJ8lny/Qg8rq9oGE15jSsFZyoopnWCD+z:ZaHMv6Corjqny/QgS8oRNFZyo7C2

Malware Config

Targets

    • Target

      0057c90386d014411d0269b2578959911f519f01ee99c50d56401a905389c9f8

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
