General

  • Target

    927d3021e6bb8bb41e6f2c1362bc9b114721ef7fe8198b321b41942aae542a64

  • Size

    262KB

  • Sample

    221202-v3ze4ahb63

  • MD5

    b571fd27d196c69ee7e17f77a929f3ca

  • SHA1

    3206cf10320c4a17bdfdd2844497edacc6b36172

  • SHA256

    927d3021e6bb8bb41e6f2c1362bc9b114721ef7fe8198b321b41942aae542a64

  • SHA512

    bea7393487203e692e0712781a93fa585906bc1f153fbbf58d7299ea4888a2680b496bc9f905d71be739e729a53e4fa65d1428e08c92b09325280707ae79a53d

  • SSDEEP

    3072:aY0yj4Gi3dSazN65IqNoEeHBYIwbO99cHjnV4jqD64FxUtZdfNwMXtOvVgnKCm6F:aY94NR65IajOry8g6+UtVIvVgnKCCRCJ

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks