General

  • Target

    89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268

  • Size

    588KB

  • Sample

    221127-szyy2scf2s

  • MD5

    55062296cd82f3b8b5805a06dcb32cf6

  • SHA1

    7c1614ca008dd7f04e6f93ef0daf1379f424af98

  • SHA256

    89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268

  • SHA512

    77829cc9ebe22e91cbba845d57e6c66e0f1cfad2840593a14f09bb4e649fefa7faad07053e264a2e74645d5a929449072e7dc01de9daaaa3b91c19455577b26a

  • SSDEEP

    12288:WpR3kwv7SDitmQJLzpiCdcoW50pvYH9HKQ2TTqwmUyL8DSXzNOY4sxN514:JDktiGWmRYhKbTTLUjfr4

Malware Config

Targets

    • Target

      89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268


    • HawkEye

      HawkEye is a keylogger and credential-stealing malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Uses the VBS compiler for execution

      Spawns vbc.exe, the Visual Basic .NET compiler, a signed Microsoft binary that is commonly used as a host process for injected code.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is the usual final step of process hollowing and similar injection techniques.
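
The behavioural signatures above are what a sandbox flags; the following is an added example (not tria.ge's code and not part of this report) that turns five of them into detection checks run over Sysmon-style process, file, registry and DNS events. The event dictionaries, file names and hostnames are constructed for illustration; the field names (EventType, Image, ParentImage, CommandLine, TargetFilename, TargetObject, QueryName) mirror Sysmon's schema, and the IP-lookup host list is an assumption, not something the report states. API-level signatures such as SetThreadContext, the geofence registry read and the Outlook account access are not visible in these event types and would need API tracing instead.

```python
"""Map tria.ge-style behavioural signatures onto Sysmon-like telemetry.

Added example; the events below are constructed, not taken from the report.
"""
import hashlib
import re

# SHA-256 of the sample analysed in this report (taken from the page).
REPORT_SHA256 = "89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268"

# Persistence: any value written under a Run / RunOnce key.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Locations where a freshly dropped executable typically lands.
DROP_DIR_RE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Users\\Public)\\", re.IGNORECASE)
# Assumed list of public IP-lookup services contacted by stealers.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com",
                   "ipinfo.io", "bot.whatismyipaddress.com"}
# Parents for which spawning vbc.exe is an expected build-tool activity.
BENIGN_VBC_PARENTS = ("\\msbuild.exe", "\\devenv.exe")


def sha256_matches_report(data: bytes, expected: str = REPORT_SHA256) -> bool:
    """Hash-based IOC check against the SHA-256 listed in this report."""
    return hashlib.sha256(data).hexdigest() == expected.lower()


def detect(events):
    """Return (signature_name, evidence) pairs for the constructed event stream."""
    hits = []
    dropped = set()  # lower-cased paths of files written earlier in the run
    for ev in events:
        kind = ev["EventType"]
        if kind == "FileCreate":
            dropped.add(ev["TargetFilename"].lower())
        elif kind == "ProcessCreate":
            image = ev["Image"]
            parent = ev.get("ParentImage", "")
            cmdline = ev.get("CommandLine", "")
            # "Executes dropped EXE": image was written during the run or sits in a drop dir.
            if image.lower() in dropped or DROP_DIR_RE.search(image):
                hits.append(("Executes dropped EXE", image))
            # "Uses the VBS compiler for execution": vbc.exe started by a non-build parent.
            if image.lower().endswith("\\vbc.exe") and not parent.lower().endswith(BENIGN_VBC_PARENTS):
                hits.append(("Uses the VBS compiler for execution", f"{parent} -> {image}"))
            # "Deletes itself": cmd.exe told to delete the path of its own parent.
            if (image.lower().endswith("\\cmd.exe")
                    and re.search(r"\bdel\b", cmdline, re.IGNORECASE)
                    and parent.lower() in cmdline.lower()):
                hits.append(("Deletes itself", cmdline))
        elif kind == "RegistryValueSet":
            if RUN_KEY_RE.search(ev["TargetObject"]):
                hits.append(("Adds Run key to start application", ev["TargetObject"]))
        elif kind == "DnsQuery":
            if ev["QueryName"].lower() in IP_LOOKUP_HOSTS:
                hits.append(("Looks up external IP address via web service", ev["QueryName"]))
    return hits


def signature_names(events):
    return [name for name, _ in detect(events)]


# Constructed event stream modelling the report's behaviour (not real telemetry).
SAMPLE_EVENTS = [
    {"EventType": "FileCreate", "Image": r"C:\Users\u\Desktop\invoice.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\svchost32.exe"},
    {"EventType": "ProcessCreate", "Image": r"C:\Users\u\AppData\Roaming\svchost32.exe",
     "ParentImage": r"C:\Users\u\Desktop\invoice.exe",
     "CommandLine": r'"C:\Users\u\AppData\Roaming\svchost32.exe"'},
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\u\AppData\Roaming\svchost32.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"EventType": "RegistryValueSet", "Image": r"C:\Users\u\AppData\Roaming\svchost32.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"},
    {"EventType": "DnsQuery", "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "QueryName": "api.ipify.org"},
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\u\Desktop\invoice.exe",
     "CommandLine": r'cmd.exe /c del "C:\Users\u\Desktop\invoice.exe"'},
    # Benign control: vbc.exe launched by MSBuild must not fire.
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "CommandLine": "vbc.exe /noconfig @tmp.rsp"},
]

if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

The dropped-EXE check keys on the FileCreate events seen earlier in the same run, so it fires on the executed copy rather than on every file under AppData; the vbc.exe check keeps an allow-list of build-tool parents because the compiler is legitimately spawned by MSBuild on developer machines.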

MITRE ATT&CK Enterprise v6

Tasks