General

  • Target

    56d675b94ed40dcb422a2456ad30f60256b5dda9f1e20bc519bd58abd25ad817

  • Size

    536KB

  • Sample

    221126-qmenjafd22

  • MD5

    dcf1d09fadd3f5a019fe454bfb5421d4

  • SHA1

    a9a16c7f7c1c5e6d30a5b18625874fae136a1ba3

  • SHA256

    56d675b94ed40dcb422a2456ad30f60256b5dda9f1e20bc519bd58abd25ad817

  • SHA512

    e4d90fae0d1017052c05b44da9e42c6f323e01aaf3f650e8ff07cb9d352766a70910d77f88ef1e509f0dc9e615caabbeedc430e16e79286145059bc219860509

  • SSDEEP

    12288:PvwVa5L9B/S5cCo4GgKUX/QgIVlFMPxC15J:Xw4lXCo4JnclFixC15

Targets

    • Target

      56d675b94ed40dcb422a2456ad30f60256b5dda9f1e20bc519bd58abd25ad817

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
