General

  • Target

    e70c1a53008357fab3e236ff47f570cda3ee289199a72b799ab1ad3cb1044680

  • Size

    689KB

  • Sample

    221126-2vkejabc82

  • MD5

    4e8c12dd138ba44b76075a668578360d

  • SHA1

    6e2cb4d2b422d6a70017b8e6f3f0c80b9844456b

  • SHA256

    e70c1a53008357fab3e236ff47f570cda3ee289199a72b799ab1ad3cb1044680

  • SHA512

    caacb35890bce8d51e549b92c1c7268c413ae26d73d4d04c9031130ffcb3b8184e7f74d17bccfed4bb60255450edd395d60f4141bc2d0143f887855f20db7b81

  • SSDEEP

    12288:p17DgB2IjHVG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDbjeKuV4vPD+N82Lwwim:p1QoO1G4G37tUnvone83Z76bMHxPtU4u

Malware Config

Targets

    • Target

      e70c1a53008357fab3e236ff47f570cda3ee289199a72b799ab1ad3cb1044680

    • Registers COM server for autorun

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks