General

  • Target

    b660ff6d5b64bb31076ff9b5011e819c2a34c4671746f2ebac9167729bcceb73

  • Size

    1.1MB

  • Sample

    221202-1286ssch4w

  • MD5

    b76353f4f915d958df5617ac8c40ea67

  • SHA1

    f565bad20741158afa83d4019ca9527afa1dbc64

  • SHA256

    b660ff6d5b64bb31076ff9b5011e819c2a34c4671746f2ebac9167729bcceb73

  • SHA512

    02c2a7e1d2ea6545ab608af8eed4b63c898339008a6b2e1fc6182eef27b1459de938d0edb5642b6187ace92b8ab399a333974e186dddf8357ff850f4b6cfc3b6

  • SSDEEP

    24576:Etz8aJoW5Q4FA1If3x1bDPTnA52qmJwlpvj1ifNhLWp:iAA3XbPsIfNhLM

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks