General

  • Target

    44d3f6c9eec8763b71b471e072059081d003683581f01be0fd63f2770cbafddf

  • Size

    444KB

  • Sample

    221202-a536vabg2w

  • MD5

    fc3f45daeb006afcd41081f3c951db70

  • SHA1

    db635630f193dce9eaca637ecf7c3c7b4893bd9f

  • SHA256

    44d3f6c9eec8763b71b471e072059081d003683581f01be0fd63f2770cbafddf

  • SHA512

    3a522f67d564204537a858ca39d79139667050565903ed98b15a90d957879db70b19ab528a7710c83694d4cc5c507a0a132cff8d7c445973e2ae1e603ea5a417

  • SSDEEP

    12288:Zqpq3C4c0C3jaJBaPHaKx8Xk8NxagaElleY:Upczc3Ywt8XzNxagaClz

Malware Config

Targets

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
