General

  • Target: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539
  • Size: 1.2MB
  • Sample: 221128-bpad9sdb92
  • MD5: 8f15bfb3722b7b5c2af0a3af4aea2e59
  • SHA1: b7b1c094d883c219c7f872b9d18bd765bce8a5f5
  • SHA256: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539
  • SHA512: 47cf5362e7a48d0871f628b3a1913a8b081d2e366323e196860a1249c9b5408178a175e4acfac42a6e4f2d617b405501d6ff036acea558f75184fccecb0131f6
  • SSDEEP: 12288:92vL7kVDlyOjZ87Bvr7wn8/GtFgd6/L5G8Qx9CPW0CjTTrm+pLFONMIRkxkfkkUN:UfSh94z+tCdSV3fW0CjT3m+pApl08M3

Targets

    • Target: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539 (1.2MB; full hashes listed under General)

    • NirSoft MailPassView: password recovery tool for various email clients
    • Nirsoft
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing
    • Drops startup file
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials
    • Uses the VBS compiler for execution
    • Accesses Microsoft Outlook accounts
    • Adds Run key to start application
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
    • Suspicious use of SetThreadContext