General

  • Target

    33716ffdb6aecd35d4ef98c2855781b464158de28c9b11994adde3efb15901a0

  • Size

    686KB

  • Sample

    221201-fxa3zsbh6t

  • MD5

    4577ec3c4704d309243370685b3197e9

  • SHA1

    da91b2323a2087618be417e1de4e4d00d32bdf45

  • SHA256

    33716ffdb6aecd35d4ef98c2855781b464158de28c9b11994adde3efb15901a0

  • SHA512

    f3503a37e424831d8c0c0ab93473330b7339890096e20a2e2e9f1d686ee2fa38fcc6d5233122f7480819b2393b289beb1fa24a6290e050f5dc53a270e0658a6e

  • SSDEEP

    12288:R9487iRC/9NGWEYHowU+p5XOApM4umgf3I7rGNrkty0fkhAlmv:R9487GC/9sWECDFPXOwumgPIErmyFAe

Targets

    • Target

      33716ffdb6aecd35d4ef98c2855781b464158de28c9b11994adde3efb15901a0

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
