General

  • Target

    dec3a084d5781efaece6ac3a4bfc9ecbf42f76e92602b618ecd50b1886b035d5

  • Size

    1015KB

  • Sample

    221124-nsc1sabc86

  • MD5

    eeaad0018cda28981b2459b48280f8ee

  • SHA1

    12b7929a92a899c4f89ba036875838fc31bcb120

  • SHA256

    dec3a084d5781efaece6ac3a4bfc9ecbf42f76e92602b618ecd50b1886b035d5

  • SHA512

    b925a80136d32fcd48b995da701c51c8d2acc26470b5ea0822826eb6cbaa43d6a33a6ec1bfeafc14f655b7c8631acb1b59b3acb8525b240daedf19447a67e0d3

  • SSDEEP

    12288:uaWzgMg7v3qnCiMErQohh0F4CCJ8lny/Qg8r69oGE15jSsFZyoopBWCD+z:ZaHMv6Corjqny/QgSsoRNFZyo5C2

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
