General

  • Target

    8f45ef569a85736d832df5123be8b349f119471f27808a8080813bfe24faf74e

  • Size

    8.6MB

  • Sample

    221129-zhf58she5t

  • MD5

    6b8c5f84fadc175d328c36214aa5fa09

  • SHA1

    fd1987cfe5916aef22bfdcb116eb767528822e1c

  • SHA256

    8f45ef569a85736d832df5123be8b349f119471f27808a8080813bfe24faf74e

  • SHA512

    515a7109b058bf9e5b1192240a332eff87fd59f0388373a9ac6edfa21f38e1558ec76a75c2d911da5c9f96b30f37483d864b0fe5ff3c42b1fcad4c36ce9aa7fa

  • SSDEEP

    196608:PS7/tI2t37W2rGdd72bfuH7bff4+It9YAKPAERIRCTQCFo:PS7t17xU2A7bXpIt9YAKPAERN9m

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Suspicious use of SetThreadContext
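The "UPX packed file" signature above says only that the sample matched a UPX/modified-UPX detection; the report does not show how. The following is an added example, not code from the Triage report or from the sample, of how an analyst can reproduce that check offline with the Python standard library: it walks the PE section table, flags the default section names a stock UPX build writes (UPX0/UPX1/UPX2) and the "UPX!" banner, and reports per-section Shannon entropy so that a modified build that renamed its sections still stands out as a dense, probably packed, section. The two PE skeletons it runs on are constructed here for illustration and are not derived from the sample's bytes.

```python
"""Added example (not from the Triage report or the sample): stdlib-only check
for UPX packing. Parses the PE section table, flags stock UPX section names and
the "UPX!" banner, and reports per-section entropy for renamed/modified builds.
The PE skeletons used as input are constructed below, not taken from the sample."""
import math
import random
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
HIGH_ENTROPY = 7.2   # bits/byte; packed or encrypted data usually sits above this


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (name, raw_offset, raw_size) for every entry in the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER starts here
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                 # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + i * 40                     # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Summarise UPX evidence: stock section names, banner, and high-entropy sections."""
    sections = parse_sections(pe)
    entropy = {name.decode("latin-1"): round(shannon_entropy(pe[ptr:ptr + size]), 2)
               for name, ptr, size in sections}
    upx_names = [n.decode("latin-1") for n, _, _ in sections if n in UPX_SECTION_NAMES]
    high = [n for n, h in entropy.items() if h >= HIGH_ENTROPY]
    banner = b"UPX!" in pe                       # stock UPX leaves this; modified builds often strip it
    return {
        "upx_sections": upx_names,
        "upx_banner": banner,
        "high_entropy_sections": high,
        "section_entropy": entropy,
        # Names or banner are a positive match; entropy alone is only a hint to unpack by hand.
        "likely_upx": bool(upx_names) or banner,
    }


def build_fake_pe(sections):
    """Constructed test input: a minimal, non-runnable PE skeleton with the given
    (name, raw_bytes) sections; only the fields parse_sections() reads are filled in."""
    num = len(sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, 0, 0x0102)  # i386, no optional header
    ptr = 0x40 + 4 + 20 + 40 * num               # raw data starts right after the section table
    table, body = b"", b""
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), 0x1000, len(data), ptr if data else 0, 0, 0, 0, 0, 0x60000020)
        body += data
        ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + table + body


# Constructed samples: a UPX-style layout (empty UPX0, dense UPX1 with banner) and a plain one.
_rng = random.Random(1)
PACKED_SAMPLE = build_fake_pe([
    (b"UPX0", b""),
    (b"UPX1", b"UPX!" + bytes(_rng.getrandbits(8) for _ in range(4096))),
    (b".rsrc", b"\0" * 512),
])
PLAIN_SAMPLE = build_fake_pe([
    (b".text", b"\x55\x8b\xec" * 300),
    (b".data", b"hello from a plain binary\0" * 40),
])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(sample))
```

To run it against a real file, pass `open(path, "rb").read()` to `upx_indicators()`. A positive name or banner match is a strong indicator of a stock UPX build; a high-entropy section with ordinary names only tells you to look closer, since a modified packer can rename sections and strip the banner, which is exactly the case the signature text ("UPX/modified UPX") covers.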
