General

  • Target

    be993277e71fd91453651b5960088c71cc430ff6750b8c73b56586d5203921a8

  • Size

    214KB

  • Sample

    221203-gsq43sah26

  • MD5

    25364a4e054cbfe90968028b3de3dba0

  • SHA1

    8379182160adba00c2c84cc7c92146a54e1ceef9

  • SHA256

    be993277e71fd91453651b5960088c71cc430ff6750b8c73b56586d5203921a8

  • SHA512

    d24f8e0d7b01a0dd453fd51ebafd0b6cd1ac02e61b9019d19ce99b8757f3361850297aab4ec54b0190764b27d861e0e81a393b03067d5caf5b00dbe112ca071b

  • SSDEEP

    3072:ZSDuGtVVkJpJpkmMZSlYOUxALuiWGjolObzUtwp34d:2wJpJNYOUxku1GzzU24d

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.gmail.com
  • Port: 587
  • Username: [email protected]
  • Password: 15800620204

Targets

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks